% \kat{Again, the title of the thesis is user-generated data, so there should exist also a distinction between user-generated and third party generated data. Hospital data for example, would fall in the third party generated data.}
A typical category of such data are \emph{user-generated data} which are the outcome of users--services interactions, e.g., social media, location-based services (LBS), etc.
These interactions result in the generation of \emph{data items} which are tuples that typically contain a user identifier, a timestamp, and context information (e.g.,~location, activity, etc.)
We firstly classify data based on their
% content \kat{'based on their content' reminds me of health data, trajectories, etc., not if they are aggregated or not. }:
\item\emph{Statistical data} (Table~\ref{tab:snapshot-statistical}) are the outcome of statistical processes on microdata, e.g.,~average, count, sum, etc.
Users interact with an LBS by making queries in order to retrieve some useful location-based information or just reporting user-state at various locations.
This user--LBS interaction generates user-related data, organized in a schema with the following attributes: \emph{Name} (the unique identifier of the table), \emph{Age}, \emph{Location}, and \emph{Status} (Table~\ref{tab:snapshot-micro}).
The `Status' attribute includes information that characterizes the user state or the query itself, and its value varies according to the service functionality.
Subsequently, the generated data are aggregated (by issuing count queries over them) in order to derive useful information about the popularity of the venues during the day (Table~\ref{tab:snapshot-statistical}).
Data, in either of these two forms, may have a special property called~\emph{continuity}, i.e.,~their values change and can be observed through time.
% \kat{The way that you define it here reminds temporal data. What is the difference?}
% \mk{It's the same, we talk about time in data, i.e., temporal data. No?}
% \kat{If you say that data may have a special property called continuity, we wonder about the existence of other properties. Be more explicit on why you choose to mention only this property.}
% \mk{OK}
Observing the evolution of the data attribute values over time may offer valuable insight regarding the underlying population not only about the past but also both about the present and future.
We further define two sub-categories, which are not exhaustive, i.e.,~not all data sets belong to the one or the other category, applicable to both finite and infinite data:
% \emph{sequential} and \emph{incremental} data; these two subcategories are not exhaustive, i.e.,~not all data sets belong to the one or the other category.
\item\emph{Sequential data} have variable values that change depending on their previous values.
For example, trajectories are finite sequences of location stamps, as naturally the position at each timestamp is connected to the position at the previous timestamp.
\item\emph{Incremental data} are augmented at each subsequent timestamp with supplementary information.
For example, trajectories can be considered as incremental data when at each timestamp we consider all the previously visited locations by an individual incremented by the individual's current position.
\item\emph{Global scheme} (Figure~\ref{fig:scheme-global}) dictates the collection, processing and privacy-protection, and then publishing of the data by a central (trusted) entity, e.g.,~\cite{mcsherry2009privacy, blocki2013differentially, johnson2018towards}.
\item\emph{Local scheme} (Figure~\ref{fig:scheme-local}) requires the storage, processing and privacy-protection of data on the side of data generators before sending them to any intermediate or final entity, e.g.,~\cite{andres2013geo, erlingsson2014rappor, katsomallos2017open}.
\caption{The usual flow of user-generated data, optionally harvested by data publishers, privacy-protected, and released to data consumers, according to the (a)~global, and (b)~local privacy schemes.}
The service-centric methods correspond to scenarios where individuals share their privacy-protected location with a service to get some relevant information (local publishing scheme).
The data-centric methods relate to the publishing of user-generated data to data consumers (global publishing scheme).
% \kat{I do not get the data-centric methods.. Can't data-centric be also service centric ? E.g., we publish our data to get back some service? Moreover, what is exactly the link between local and global and service and data centric? One to one ?}
There is a long-standing debate whether the local or the global architectural scheme is more efficient with respect to not only privacy, but also organizational, economic, and security factors~\cite{king1983centralized}.
On the one hand, in the global privacy scheme (Figure~\ref{fig:scheme-global}), the dependence on third-party entities poses the risk of arbitrary privacy leakage from a compromised data publisher.
Nonetheless, the expertise of these entities is usually superior to that of the majority of (non-technical) data generators' in terms of understanding privacy permissions/\allowbreak policies and setting-up relevant preferences.
Moreover, in the global architecture, less distortion is necessary before publicly releasing the aggregated data set, naturally because the data sets are larger and users can be `hidden' more easily.
On the other hand, the local privacy scheme (Figure~\ref{fig:scheme-local}) facilitates fine-grained data management, offering to every individual better control over their data~\cite{goldreich1998secure}.
Most service-providing companies prefer the global scheme, mainly for reasons of better management and control over the data, while several privacy advocates support the local privacy scheme that offers users full control over what and how data are published.
Although there have been attempts to bridge the gap between them, e.g.,~\cite{bittau2017prochlo}, the global scheme is considerably better explored and implemented~\cite{satyanarayanan2017emergence}.
\item\emph{Snapshot mode} (also appearing as \emph{one-shot} or \emph{one-off} publishing) processes and releases a data set at a specific point in time and thereafter is not concerned anymore with the specific data set.
For example, in Figure~\ref{fig:mode-snapshot} (ignore the privacy-preserving step for the moment) individuals send their data to an LBS provider, considering a specific timestamp.
The use cases of continuous data publishing abound, with the proliferation of the Internet, sensors, and connected devices, which produce and send to servers huge amounts of continuous personal data in astounding speed.
\item\emph{Continuous mode} computes and publishes augmented or updated versions of one data set in different timestamps, and without a predefined duration.
In the context of privacy-preserving data publishing, privacy preservation is tightly coupled with the data processing and publishing stages.
% \kat{This can be the introductory sentence of the sub-section, but does not fit here.}
% \kat{but so far you have already presented other categories for processing and publishing; why do you say here two main modes?}
% As already discussed in Section~\ref{ch:intro}, in this thesis we are studying the continuous data publishing mode, and thus we do not include works considering the snapshot paradigm.
% We have made this choice because privacy-preserving continuous data publishing is a more complex problem, receiving more and more attention from the scientific community in the recent years, as shown by the increasing number of publications in this area.
% \kat{this was a good argumentation but for the survey, not for the thesis..}
The different data processing and publishing modes of continuously generated data sets.
(a)~Snapshot publishing, (b)~continuous publishing--batch mode, and (c)~continuous publishing--streaming mode.
$\pmb{o}_x$ denotes the privacy-protected version of the data set $D_x$ or statistics thereof, while `\dots' denote the continuous data generation and/or publishing, where applicable.
Depending on the data observation span, $n$ can either be finite or tend to infinity.
% \kat{We cannot see in these scenarios the continuous querying of the same snapshot.}
% \mk{Does this appear anywhere in the literature?}
