Donating data for greater sustainability

Use case: a lack of data in an age of data abundance

A city strives to enable more sustainable mobility, and wants to determine whether it should create more bicycle lanes. It seeks a decision-making basis that is harmless in terms of data protection and from an ethical perspective.

Enormous volumes of data relating to the population’s mobility already exist thanks to smartphones. However, for the most part, this data is stored by major tech companies and is either not accessible to the city at all, or not in a suitable resolution. The raw data that is needed is simply not available for projects seeking to use data for purposes related to sustainability, as is the case for our city.

New: cooperative business model

Together with Posmo, the data cooperative for sustainable mobility, BFH researcher Annett Laube is taking on this challenge. Posmo collects and manages mobility data with the goal of making future mobility more sustainable. As part of its mission, it manages data in a cooperative. ‘Members of the cooperative actively consent to sharing their data for the purpose of greater sustainability,’ explains Annett.

Posmo users have constant control over what happens with their data. If a client such as the city uses our members’ data to achieve an end, they should later receive compensation for their contributions. This makes Posmo’s business model fundamentally different from current practices that involve an implicit handover of personal data in exchange for free access to apps and services.

The challenge: credibility

‘For this approach to succeed,’ points out Annett, ‘credibility is essential. Ethical governance needs to be enforced, and data should not be misused under any circumstances.’ Posmo’s ethics committee decides whether a client request is acceptable. ‘We develop processes and bases on which decisions can be made so that the committee can do its work as efficiently as possible,’ explains Annett. The idea is to create automatic decision-making models.

Obviously, caution needs to be exercised when it comes to using the mobility data generated by Posmo members. GPS data is gathered by the app every 10 seconds. This enables precise movement profiles to be created and allows conclusions to easily be drawn about individuals. As part of this process, no raw data ever leaves the Posmo data pool – only selected data that is anonymised and aggregated.

The road ahead: anonymity through data entanglement

Annett’s main focus is the anonymisation of sensitive data. ‘No data is allowed to be outside an entangled data block.’ A data block is a collection of data that operates as a whole to protect the anonymity of individual Posmo users without making individual data apparent or identifiable.

If a dataset does not yet function as a block, other elements – such as data selection, aggregation, noise in the position data and imprecise time information – ensure that no individuals can be identified.

The concepts and algorithms developed at BFH allow Posmo to ascertain when it has sufficient and sufficiently large amounts of entangled data so that it can continue to process it without causing harm. To develop these concepts, Annett and her team are applying established anonymisation techniques such as k-anonymity and l-diversity to movement profiles and developing evaluation methods, making the data usable in practice.

The goal: a general theory of anonymity

The team adopts a different approach to anonymising data depending on the question that needs to be answered. Annett cites an example of a project in Zurich: ‘If only the means of transport used is of interest, for example, it may sound anonymous and uncritical. But if an individual in the dataset takes the Polybahn, they are potentially identifiable. So there’s no “general” way to ensure anonymity.’

In the light of this challenge, Annett and her team are exploring ways of formalising and automating anonymisation techniques and processes as part of an Innosuisse project that runs until summer 2024.