PhD position: Privacy-Preserving Data Sharing Techniques for Teleworking: A Consent-Based Approach

Supervisors. Benjamin Nguyen (benjamin.nguyen@insa-cvl.fr), Nicolas Anciaux (nicolas.anciaux@inria.fr). Applications can be sent by email (CV and cover letter).

Context. Teleworking has become a social achievement in the wake of the COVID-19 pandemic. In many professions, remote work is now a common practice, either at the employee’s home or in a shared space nearby. However, this also creates a dilemma generated by legitimate but contradictory expectations: employers want to monitor their employees’ activity for efficiency and team cohesion reasons, while employees and those around them are concerned about a form of invasive surveillance of their private sphere. These conflicting expectations create legitimate tensions between the two parties, who must balance the need to monitor employees’ work against respect for their privacy. Existing privacy protection solutions, based on techniques such as data aggregation, anonymization, differential privacy or restricting data collection to certain hours, suffer from either a significant loss of data utility or a low level of privacy.

Objectives. The main objective of this PhD thesis is to design and implement a new privacy protection solution, based on consent and taking into account the specificities of the teleworking context, to reconcile the respective needs of employers and employees.

Challenges. The PhD student will define a new privacy model, propose new algorithms to identify sensitive information patterns in time series and obfuscate private patterns, and implement the proposal in a realistic setting that takes data security aspects into account. The main challenges can be further defined as follows:

  • Define a privacy model for teleworking that considers the specificities of remote work environments;
  • Develop algorithms to accurately identify sensitive information patterns in data series that can represent private activities of employees;
  • Propose a data masking/obfuscating approach that ensures privacy of private patterns while maintaining the utility of work patterns in time series;
  • Implement the proposed solution in a realistic setting considering the security aspects of the evaluation (e.g., resorting to trusted execution environments), and evaluate its usefulness on real and synthetic datasets.

Methodology. The proposed solution will be based on a GDPR-compliant, consent-based approach, which allows employees to share their time series data without revealing their private information to employers. We will use multiple public datasets, such as the CASAS dataset, to validate our proposals. Python or C++ will be used to implement the proposed solution, and its usefulness will be evaluated on both real and synthetic datasets.
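To make the challenges above concrete (consent-declared private patterns, shape-based detection in a time series, masking that keeps work-pattern utility), here is an added Python illustration that is not part of the announcement or of the supervisors' work. It uses a brute-force z-normalised distance profile, the building block of a matrix profile, rather than the PMP algorithm from the cited paper; the activity series, the private episode and the consent pattern are constructed sample values.

```python
import math

def znorm(window):
    """z-normalise a subsequence so that matching is shape-based, not level-based."""
    m = len(window)
    mean = sum(window) / m
    std = math.sqrt(sum((x - mean) ** 2 for x in window) / m)
    if std == 0:  # a flat subsequence has no shape; map it to the zero vector
        return [0.0] * m
    return [(x - mean) / std for x in window]

def distance_profile(series, query):
    """z-normalised Euclidean distance from `query` to every same-length subsequence
    of `series` (brute force; a matrix profile computes this for all query positions).
    For length-m windows, d^2 = 2m(1 - Pearson r), so a small d means a near-identical shape."""
    q, m = znorm(query), len(query)
    return [math.sqrt(sum((a - b) ** 2 for a, b in zip(znorm(series[i:i + m]), q)))
            for i in range(len(series) - m + 1)]

def private_indices(series, consent_patterns, threshold):
    """Indices of every subsequence close enough to a pattern the employee declared private."""
    covered = set()
    for pattern in consent_patterns:
        for start, dist in enumerate(distance_profile(series, pattern)):
            if dist <= threshold:
                covered.update(range(start, start + len(pattern)))
    return covered

def mask(series, covered, fill):
    """Obfuscate the private positions; everything else is shared unchanged."""
    return [fill if i in covered else v for i, v in enumerate(series)]

def work_stats(series, covered):
    """Utility the employer keeps: total and mean activity over the non-private part."""
    kept = [v for i, v in enumerate(series) if i not in covered]
    return sum(kept), sum(kept) / len(kept)

# Constructed sample: activity level per 5-minute bucket from a hypothetical sensor.
WORK = [6, 7, 6, 8, 7, 6, 7, 8, 6, 7]
PRIVATE_EPISODE = [2, 8, 18, 8, 2]      # the private activity as it actually occurred
CONSENT_PATTERNS = [[1, 4, 9, 4, 1]]    # same shape, declared private in the consent form
SERIES = WORK + PRIVATE_EPISODE + WORK

def demo(threshold=0.5):  # d <= 0.5 on length-5 windows means Pearson r >= 0.975
    covered = private_indices(SERIES, CONSENT_PATTERNS, threshold)
    return covered, mask(SERIES, covered, fill=None), work_stats(SERIES, covered)

if __name__ == "__main__":
    covered, shared, stats = demo()
    print(sorted(covered), shared, stats)
```

Only the episode matching the declared shape is masked, while the work buckets and their aggregate statistics are shared intact.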

Expected outcomes. The proposed solution will enable employers to monitor their employees’ activities while respecting their privacy. The solution will provide accurate statistics on the activities of teleworkers by workstation and team. The proposed privacy model and algorithms for identifying sensitive information patterns in time series will contribute to the field of privacy-preserving data sharing techniques. The data masking approach will ensure privacy of private patterns while maintaining the utility of work patterns in time series. The proposed solution will be implemented in a realistic setting, considering security aspects, and evaluated on real and synthetic datasets.

References related to the subject:

M. Brahem et al. Consent-driven data use in crowdsensing platforms: When data reuse meets privacy-preservation. PerCom 2021.

L. Zhang et al. PMP: Privacy-Aware Matrix Profile against Sensitive Pattern Inference for Time Series. SDM 2023.

L. Fan et al. An adaptive approach to real-time aggregate monitoring with differential privacy. TKDE 2013.
