Anonymizing Mobility Data for Civic Use Cases

This blog post covers the anonymization and aggregation techniques applied to mobility data for govtech, smart city, and civic use cases.
In the evolving landscape of urban development, geospatial mobility data serves as an indispensable input for fostering civic intelligence and constructing smarter cities. This invaluable data is meticulously curated from a diverse array of sources, including IoT sensors, mobile devices, beacons, connected vehicles, fleet management systems, mobile applications, conversational AI chatbots, and government digital services. The ability to effectively measure and analyze movement patterns through such data, while maintaining robust privacy safeguards, is paramount for cost-effective civic planning and operational optimization.
CITYDATA stands at the forefront as a dedicated GovTech enterprise, meticulously curating fresh, accurate, and anonymized crowdsourced mobility data across 9000 cities and metropolitan areas globally.
Privacy by Design: A Core Tenet in Geospatial Data Management
A foundational principle in GovTech is the unwavering commitment to consumer data protection and privacy preservation. Recognizing this, our team has dedicated substantial resources to extensive research and analysis of the multifaceted privacy environment, regulatory frameworks, and cultural expectations prevalent across diverse international jurisdictions. This comprehensive understanding informs our robust data philosophy and the architectural design of our technology, ensuring privacy by design is intrinsically woven into every aspect of our operations, from policy formulation to practical implementation.
Our adherence to global privacy standards is reflected in our proactive engagement with key legislative frameworks:
- European Union: The General Data Protection Regulation (GDPR), a landmark legislation establishing stringent data protection and privacy rules for individuals within the EU.
- United States: The U.S. lacks a single, comprehensive federal privacy law, leading to a dynamic and evolving patchwork of state-level regulations. Our approach accounts for:
  - California: The California Consumer Privacy Act (CCPA), empowering California consumers with greater control over their personal information. Beyond CCPA, the California Privacy Rights Act (CPRA), which came into full effect on January 1, 2023, further enhances these protections and establishes the California Privacy Protection Agency (CPPA).
  - Virginia: The Virginia Consumer Data Protection Act (VCDPA), effective January 1, 2023, provides consumers with rights including access, deletion, and opt-out for personal data.
  - Colorado: The Colorado Privacy Act (CPA), effective July 1, 2023, aligns closely with the CPRA and GDPR, granting consumers similar rights.
  - Connecticut: The Connecticut Data Privacy Act (CTDPA), effective July 1, 2023, is another comprehensive law offering consumer data rights.
  - Utah: The Utah Consumer Privacy Act (UCPA), effective December 31, 2023, provides consumer rights though with some business-friendly distinctions.
  - Texas: The Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024, covers businesses conducting operations in Texas or offering products/services consumed by Texas residents, with unique aspects regarding small businesses and precise geolocation as sensitive data.
  - Oregon: The Oregon Consumer Privacy Act (OCPA), effective July 1, 2024, is notable for not exempting non-profits and for its broad scope.
  - Montana: The Montana Consumer Data Privacy Act (MTCDPA), effective October 1, 2024, is similar to laws in Virginia, Colorado, and Connecticut.
  - Iowa: The Iowa Consumer Data Protection Act (ICDPA), effective January 1, 2025, is often considered one of the more business-friendly laws.
  - Delaware: The Delaware Personal Data Privacy Act (DPDPA), effective January 1, 2025, includes stronger protections for children's data and a broader definition of sensitive data.
  - Nebraska: The Nebraska Data Privacy Act (NDPA), effective January 1, 2025, applies to companies processing or selling personal data in the state.
  - New Hampshire: The New Hampshire Privacy Act (NHPA), effective January 1, 2025, provides consumer rights, including the right to opt-out of data sale or targeted advertising.
  - New Jersey: The New Jersey Data Privacy Act (NJDPA), effective January 15, 2025, offers comprehensive privacy protections, requiring affirmative consent for processing minors' data for targeted advertising, sale, or profiling.
  - Tennessee: The Tennessee Information Protection Act (TIPA), effective July 1, 2025.
  - Minnesota: The Minnesota Consumer Data Privacy Act (MCDPA), effective July 31, 2025, requires data minimization and has specific requirements around Chief Privacy Officers.
  - Maryland: The Maryland Online Data Privacy Act (MODPA), effective October 1, 2025, imposes stringent data minimization standards and bans the sale of sensitive data.
  - Rhode Island: The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), effective January 1, 2026.
  - Indiana & Kentucky: Laws in these states are also coming into effect in 2026.
- Singapore and Southeast Asia: Various Personal Data Protection Acts (PDPA) and their derivatives, tailored to regional specificities, governing the collection, use, and disclosure of personal data.
- Brazil and Latin America: The Lei Geral de Proteção de Dados (LGPD) and its regional counterparts, establishing comprehensive data protection regulations across the continent.

Our Big Data + AI platform exemplifies our commitment by providing anonymized and aggregated geospatial heatmaps, such as those for iconic San Francisco landmarks like Golden Gate Park, Presidio, and the Golden Gate Bridge. These visualizations demonstrate the power of privacy-centric data.
Our geospatial data platform integrates privacy by design through the strict application of the following framework principles:
[ 1 ] Proactive Personal Data Rejection
A cornerstone of our privacy framework is the unequivocal rejection of personally identifiable information (PII). We explicitly instruct all data suppliers and sources to never transmit personal data such as names, email addresses, phone numbers, IMEI numbers, dates of birth, gender, ethnicity, income, transactional details, or purchase history. Recognizing the immense scale of processing trillions of data points, our advanced data validation algorithms are rigorously trained to autonomously identify and reject any inadvertent ingress of personal data at the source ingestion endpoint, thereby preventing its storage or processing within our systems.
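An ingestion-time check of the kind described above, as an added example that is not CITYDATA's code. It swaps the trained validators the text mentions for plain rules (forbidden field names, email and phone patterns, Luhn-valid 15-digit IMEI candidates); field spellings and the sample batch are assumptions constructed for illustration.

```python
import re

# Field names suppliers must never send (list from the text; key spellings assumed).
FORBIDDEN_KEYS = {"name", "email", "phone", "imei", "date_of_birth", "gender",
                  "ethnicity", "income", "transactions", "purchase_history"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+\d{8,15}(?!\d)")        # E.164-style numbers
DIGITS15_RE = re.compile(r"(?<!\d)\d{15}(?!\d)")  # IMEI candidates

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; a 15-digit IMEI ends in a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def pii_findings(record: dict) -> list:
    """Return the reasons to reject a record; an empty list means accept."""
    findings = []
    for key, value in record.items():
        if key.lower() in FORBIDDEN_KEYS:
            findings.append(f"forbidden field: {key}")
            continue
        text = str(value)
        if EMAIL_RE.search(text):
            findings.append(f"email-like value in {key}")
        if PHONE_RE.search(text):
            findings.append(f"phone-like value in {key}")
        if any(luhn_ok(m) for m in DIGITS15_RE.findall(text)):
            findings.append(f"IMEI-like value in {key}")
    return findings

def ingest(batch):
    """Split a batch into accepted records and (record, reasons) rejections."""
    checked = [(rec, pii_findings(rec)) for rec in batch]
    accepted = [rec for rec, why in checked if not why]
    rejected = [(rec, why) for rec, why in checked if why]
    return accepted, rejected

# Constructed sample batch (all values invented for this example).
SAMPLE = [
    {"device_id": "9f2c-77aa", "lat": 37.7694, "lon": -122.4862, "ts": 1700000000},
    {"device_id": "490154203237518", "lat": 37.8, "lon": -122.47, "ts": 1700000100},
    {"device_id": "51bd-0c3e", "note": "contact jane@example.org", "ts": 1700000200},
    {"device_id": "c4d1-e2f0", "Email": "x", "ts": 1700000300},
]
```

Rejections carry their reasons so a supplier feed that keeps leaking a field can be traced back and fixed at the source.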
[ 2 ] Cryptographic Hashing for Anonymization
Upon ingestion, all unique identifiers are subjected to immediate cryptographic hashing prior to storage or archival in our secure cloud infrastructure. We utilize the SHA-256 cryptographic hash function, a more robust and widely recommended successor to SHA-1. SHA-256 takes the identifier as input and produces a 256-bit (32-byte) hash value, rendered as a 64-digit hexadecimal number. This one-way transformation ensures that original identifiers cannot be reconstructed from their hashed counterparts, effectively pseudonymizing the data.
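The hashing step above, as an added example that is not CITYDATA's code: SHA-256 as the text describes, next to an HMAC-SHA-256 variant that is an assumption of this example. The `linkable` check shows why the difference matters when identifiers come from a small or guessable space; the identifiers and key are constructed.

```python
import hashlib
import hmac

def sha256_id(identifier: str) -> str:
    """Plain SHA-256 of an identifier, as the text describes: 64 hex digits."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

def keyed_id(identifier: str, key: bytes) -> str:
    """HMAC-SHA-256 with a secret key (an assumed hardening, not from the page)."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()

def linkable(pseudonym: str, known_ids) -> list:
    """Release check: identifiers from a known list that map to this pseudonym
    using only the public hash function, i.e. without any secret."""
    return [i for i in known_ids if hmac.compare_digest(sha256_id(i), pseudonym)]

# Constructed identifiers and key, invented for this example.
KNOWN_IDS = [f"device-{n:04d}" for n in range(1000)]
DEMO_KEY = b"constructed-demo-key-not-for-production"

def demo():
    plain = sha256_id("device-0042")
    keyed = keyed_id("device-0042", DEMO_KEY)
    return {
        "hex_digits": len(plain),
        "stable": plain == sha256_id("device-0042"),   # same input, same pseudonym
        "plain_linkable": linkable(plain, KNOWN_IDS),  # ['device-0042']
        "keyed_linkable": linkable(keyed, KNOWN_IDS),  # []
    }
```

Both forms stay stable per device, which is what keeps joins and counts working, so either one is pseudonymization and the later obfuscation and aggregation steps still carry the anonymization.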
[ 3 ] Spatial and Temporal Obfuscation
Geospatial data inherently comprises sensitive attributes such as latitude, longitude, and timestamps associated with an IoT sensor or mobile device. To further enhance privacy, we employ spatial and temporal obfuscation techniques. This involves applying random perturbations within carefully defined, acceptable bounds to these precise geocoordinates and timestamps. The result is an obfuscated dataset that maintains the statistical integrity and utility for generating meaningful insights, while simultaneously de-identifying individual trajectories.
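Bounded random perturbation as described above, as an added example that is not CITYDATA's code. The 100 m and 300 s bounds, the uniform-disc noise and the function names are assumptions; `check_bounds` measures that every shift stays inside the bounds while the mean position barely moves.

```python
import math
import random

EARTH_R_M = 6_371_000.0
M_PER_DEG = math.pi * EARTH_R_M / 180.0   # metres per degree of latitude

def jitter(lat, lon, ts, max_m=100.0, max_s=300, rng=random):
    """Shift a fix by at most max_m metres and at most max_s seconds."""
    r = max_m * math.sqrt(rng.random())    # sqrt: uniform density over the disc
    theta = rng.uniform(0.0, 2.0 * math.pi)
    dlat = r * math.cos(theta) / M_PER_DEG
    dlon = r * math.sin(theta) / (M_PER_DEG * math.cos(math.radians(lat)))
    return lat + dlat, lon + dlon, ts + rng.randint(-max_s, max_s)

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres, used to check the spatial bound."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R_M * math.asin(math.sqrt(a))

def check_bounds(lat, lon, ts, n=2000, max_m=100.0, max_s=300, seed=7):
    """Jitter one constructed fix n times; report worst shifts and the mean drift."""
    rng = random.Random(seed)
    out = [jitter(lat, lon, ts, max_m, max_s, rng) for _ in range(n)]
    worst_m = max(haversine_m(lat, lon, a, b) for a, b, _ in out)
    worst_s = max(abs(t - ts) for _, _, t in out)
    mean_lat = sum(a for a, _, _ in out) / n
    mean_lon = sum(b for _, b, _ in out) / n
    return worst_m, worst_s, haversine_m(lat, lon, mean_lat, mean_lon)
```

The small mean drift is the utility property, and it is also the caveat: independent noise averages out when one device reports the same place many times, so bounds have to be chosen with repeat visits in mind.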
[ 4 ] Grid-Based Aggregation for Enhanced Privacy
A fundamental technique for data anonymization and pattern inference is the allocation of geospatial data to standardized hierarchical tessellation schemes, such as Geohash or H3 grids. We implement grid masking by aggregating data within these defined grid cells and assigning non-identifiable features to each cell. These features include, but are not limited to, device counts, signal strength metrics, density estimations, day-parted activity counts, weekday/weekend activity distributions, and hourly ingress-egress patterns. This aggregation process offers a dual benefit: the aggregated features inherently anonymize the underlying individual data points, while simultaneously facilitating the inference of broader macroscopic mobility patterns and people-density metrics across wider geographical areas.
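Grid masking with Geohash cells, as an added example that is not CITYDATA's code: a pure-Python geohash encoder and a distinct-device count per cell and UTC hour. The `min_devices` suppression of sparse cells is an assumption of this example, not something the page states, and the sample fixes are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # geohash alphabet (no a, i, l, o)

def geohash(lat, lon, precision=6):
    """Encode a point as a geohash by bisecting lon/lat ranges alternately."""
    ranges = {True: [-180.0, 180.0], False: [-90.0, 90.0]}  # True = longitude turn
    code, ch, nbits, is_lon = [], 0, 0, True
    while len(code) < precision:
        lo_hi, val = ranges[is_lon], (lon if is_lon else lat)
        mid = (lo_hi[0] + lo_hi[1]) / 2
        bit = val >= mid
        lo_hi[0 if bit else 1] = mid          # keep the half containing the point
        ch, nbits, is_lon = (ch << 1) | bit, nbits + 1, not is_lon
        if nbits == 5:                        # five bits per base32 character
            code.append(BASE32[ch])
            ch, nbits = 0, 0
    return "".join(code)

def aggregate(records, precision=6, min_devices=3):
    """Count distinct devices per (cell, UTC hour); drop cells below min_devices."""
    cells = defaultdict(set)
    for dev, lat, lon, ts in records:
        hour = datetime.fromtimestamp(ts, tz=timezone.utc).hour
        cells[(geohash(lat, lon, precision), hour)].add(dev)
    return {k: len(v) for k, v in cells.items() if len(v) >= min_devices}

# Constructed fixes: (device pseudonym, lat, lon, unix time); values are invented.
GGP = (37.7694, -122.4862)   # a point in Golden Gate Park
SAMPLE = [
    ("d1", *GGP, 1700000000), ("d2", *GGP, 1700000060), ("d3", *GGP, 1700000120),
    ("d1", *GGP, 1700000180),                 # repeat visit, still one device
    ("d9", 37.8199, -122.4783, 1700000000),   # lone device near the bridge
]
```

With the default threshold the lone device's cell is dropped from the output, since a count of one in a cell and hour still describes a single trajectory.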
Empowering Civic Innovation with Privacy-Preserving Mobility Data
Geospatial mobility data collected from IoT sensors, mobile devices, beacons, connected cars, fleets, apps, chatbots, and government services is an essential input for civic intelligence to build smarter, sustainable, and resilient cities. The judicious application of anonymization and aggregation techniques, while meticulously preserving the integrity of underlying mobility patterns, is absolutely essential for the secure and ethical utilization of data by municipalities and government entities for civic innovation.
We invite you to connect with us to explore how you can access our anonymized and aggregated daily mobility datasets. These datasets, invaluable for inferring people-density, macro-mobility patterns, and trip-hop analyses, cover 9000 cities and metropolitan areas across 60 countries, empowering data-driven decision-making for a more efficient and livable urban future.
About CITYDATA.ai
CITYDATA.ai brings mobility big data + AI to make cities smarter, sustainable, and more resilient. We provide insights about people counts, density patterns, movement trends, economic impact, and community engagement.
Founded in 2020 in San Francisco, California, CITYDATA.ai provides fresh, accurate, daily insights that are essential for smart city programs, economic development, urban planning, mobility and transportation, tourism, parks and recreation, disaster mitigation, sustainability, and resilience.
You can reach us via email at business@citydata.ai if you’d like to discuss your data needs and use cases. You can also follow the company on LinkedIn and read the UniverCity.ai blog to stay updated on the newest innovations in big data and AI for the public sector.