The public transport network of a region inhabited by more than 4 million people is run by a complex interplay of public and private actors. Large amounts of data are generated by travellers, buying and using various forms of tickets and passes. Analysing the data is of paramount importance for the governance and sustainability of the system. This manuscript reports the early results of the privacy analysis which is being undertaken as part of the analysis of the clearing process in the Emilia-Romagna region, in Italy, which will compute the compensations for tickets bought from one operator and used with another. In the manuscript it is shown by means of examples that the clearing data may be used to violate various privacy aspects regarding users, as well as (technically equivalent) trade secrets regarding operators. The ensuing discussion has a twofold goal. First, it shows that after researching possible existing solutions, both by reviewing the literature on general privacy-preserving techniques, and by analysing similar scenarios that are being discussed in various cities across the world, the former are found exhibiting structural effectiveness deficiencies, while the latter are found of limited applicability, typically involving less demanding requirements. Second, it traces a research path towards a more effective approach to privacy-preserving data management in the specific context of public transport, both by refinement of current sanitization techniques and by application of the privacy by design approach.

Privacy-Preserving Design of Data Processing Systems in the Public Transport Context / Callegati, Franco; Campi, Aldo; Melis, Andrea; Prandini, Marco; Zevenbergen, Bendert. - In: PACIFIC ASIA JOURNAL OF THE ASSOCIATION FOR INFORMATION SYSTEMS. - ISSN 1943-7544. - ELETTRONICO. - 7:4(2015), pp. 3.25-3.49.

Privacy-Preserving Design of Data Processing Systems in the Public Transport Context

CALLEGATI, FRANCO;CAMPI, ALDO;MELIS, ANDREA;PRANDINI, MARCO;
2015

Abstract

The public transport network of a region inhabited by more than 4 million people is run by a complex interplay of public and private actors. Large amounts of data are generated by travellers, buying and using various forms of tickets and passes. Analysing the data is of paramount importance for the governance and sustainability of the system. This manuscript reports the early results of the privacy analysis which is being undertaken as part of the analysis of the clearing process in the Emilia-Romagna region, in Italy, which will compute the compensations for tickets bought from one operator and used with another. In the manuscript it is shown by means of examples that the clearing data may be used to violate various privacy aspects regarding users, as well as (technically equivalent) trade secrets regarding operators. The ensuing discussion has a twofold goal. First, it shows that after researching possible existing solutions, both by reviewing the literature on general privacy-preserving techniques, and by analysing similar scenarios that are being discussed in various cities across the world, the former are found exhibiting structural effectiveness deficiencies, while the latter are found of limited applicability, typically involving less demanding requirements. Second, it traces a research path towards a more effective approach to privacy-preserving data management in the specific context of public transport, both by refinement of current sanitization techniques and by application of the privacy by design approach.
2015
Privacy-Preserving Design of Data Processing Systems in the Public Transport Context / Callegati, Franco; Campi, Aldo; Melis, Andrea; Prandini, Marco; Zevenbergen, Bendert. - In: PACIFIC ASIA JOURNAL OF THE ASSOCIATION FOR INFORMATION SYSTEMS. - ISSN 1943-7544. - ELETTRONICO. - 7:4(2015), pp. 3.25-3.49.
Callegati, Franco; Campi, Aldo; Melis, Andrea; Prandini, Marco; Zevenbergen, Bendert
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/539062
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? 0
social impact