Mobility data is essential for cities and communities to identify areas in need of improvement. Data collected by mobility providers already contains all the information necessary, but the privacy of the individuals in it needs to be preserved. Differential privacy (DP) defines a mathematical property which guarantees that certain limits on privacy loss are preserved while sharing such data, but its functionality and privacy protection are difficult to explain to laypeople. In this paper, we adapt risk communication formats in conjunction with a model for the privacy risks of DP. The result is a set of privacy notifications which explain the risk to an individual's privacy when DP is used, rather than explaining DP's functionality. We evaluate these novel privacy communication formats in a crowdsourced study. We find that they perform similarly to the best performing DP communications currently in use in terms of objective understanding, but did not make our participants as confident in their understanding. We also discovered an influence of statistical numeracy, similar to the Dunning-Kruger effect, on the effectiveness of some of our privacy communication formats and of the DP communication format currently in use. These results generate hypotheses in multiple directions, for example, toward the use of risk visualization to improve the understandability of our formats, or toward adaptive user interfaces which tailor the risk communication to the characteristics of the reader.