Users generate a finite series of sensitive data over time, which are processed in batch mode in a secure and private way locally (or by a trusted curator) and are later published in order to be consumed by potentially adversarial data analysts.
% Users generate sensitive data, which are processed in a secure and private way by a trusted curator and are later published in order to be consumed by potentially adversarial data analysts.
%The data unit produced by the users is an \emph{event}, i.e., a piece of timestamped user-related information.\kat{should we say geo-stamped?}.
% Data are produced as a series of events, which we call time series.
% An \emph{event} is defined as a triple of an identifying attribute of an individual and the possibly sensitive data at a timestamp.
\item\textbf{Data generators} (users) entity $E_g$ interacts with a crowdsensing application and produces continuously privacy-sensitive data items in an arbitrary frequency during the application's usage period $T =(i)_{i \in\mathbb{N}}$.
Thus, at each timestamp $t$, $E_g$ generates a data set $D_i \in\mathcal{D}$ where each of its members contributes a single data item.
Following the \emph{global} processing and publishing scheme, $E_p$ collects at $t$ a data set $D_i$ and privacy-protects it by applying the respective privacy mechanism $\mathcal{M}_i$.
$\mathcal{M}_i$ uses independent randomness such that it satisfies $\varepsilon_i$-differential privacy.
\item\textbf{Data consumers} (possibly adversarial) entity $E_c$ receives the result $\mathbf{o}_i$ of the privacy-preserving processing of $D_i$ by $E_p$.
According to Theorem~\ref{theor:compo-seq-ind}, the overall privacy guarantee of the outputs of $\mathcal{M}$ is equal to the sum of all the privacy budgets of the respective privacy mechanisms that compose $\mathcal{M}$, i.e.,~$\sum_{i \in T}\varepsilon_i$.
We argue that in continuous user-generated data publishing, events are not equally significant in terms of privacy.
We term a significant event---according to user- or data-related criteria---as a \emph{\thething}~event.
The identification of {\thething} events can be performed manually or automatically, and is an orthogonal problem to ours.
% and we address it subsequently in Section~\ref{subsec:lmdk-sel-sol}.
First, we consider the {\thething} timestamps, i.e.,~their position in time, non-sensitive and provided by the user as input along with the privacy budget $\varepsilon$.
For example, events $p_1$, $p_3$, $p_5$, $p_8$ in Figure~\ref{fig:lmdk-scenario} are {\thething} events.
In Definition~\ref{def:thething-evnt}, we formally introduce {\thethings} in the context of privacy-preserving data publishing.
Definition~\ref{def:thething-nb} extends the notion of neighboring data sets (see Section~\ref{subsec:prv-statistical}) to the context of {\thethings}.
Two time series of the same length, with common starting and ending timestamps, are \emph{{\thething} neighboring} when their elements are pairwise, i.e.,~at the same timestamps, equal or neighboring and their neighboring elements are on common {\thethings} and/or at most on one regular event.
% For example, the time series ($p_1$, \dots, $p_8$) with {\thethings} set the \{$p_1$, $p_3$, $p_5$\} is {\thething} neighboring to the time series of Figure~\ref{fig:lmdk-scenario}.
In Definition~\ref{def:thething-prv}, we proceed to propose \emph{{\thething} privacy}, a configurable variation of differential privacy for time series with significant events.
Let $\mathcal{M}$ be a privacy mechanism with range $\mathcal{O}$ and domain $\mathcal{S}_T$ being the set of all time series with length $|T|$, where $T$ is a sequence of timestamps.
$\mathcal{M}$ satisfies {\thething}$\varepsilon$-differential privacy (or, simply, {\thething} privacy) if for all sets $O \subseteq\mathcal{O}$, and for every pair of {\thething}-neighboring time series $S_T$, $S_T'$, it holds that
User-level privacy can achieve {\thething} privacy, but it over-perturbs the final data by not distinguishing between {\thething} and regular events.
Theorem~\ref{theor:thething-prv} states how to achieve the desired privacy goal for the {\thethings} and any event, i.e.,~a total budget less than $\varepsilon$, and at the same time provide better utility overall.
Let $\mathcal{M}$ be a mechanism with input a time series $S_T$, where $T$ is the set of the involved timestamps, and $L \subseteq T$ be the set of {\thething} timestamps.
$\mathcal{M}$ is decomposed to $\varepsilon$-differential private sub-mechanisms $\mathcal{M}_t$, for every $t \in T$, which apply independent randomness to the event at $t$.
All mechanisms use independent randomness, and therefore for a time series $S_T =(D_i)_{i \in T}$ and outputs $(\pmb{o}_i)_{i \in T}\in O \subseteq\mathcal{O}$ it holds that
$D_i$ and $D'_i$ are neighboring for $i \in L \cup\{t\}$.
$\mathcal{M}_i$ is differential private and from Definition~\ref{def:dp} we get that $\frac{Pr[\mathcal{M}_i(D_i)=\pmb{o}_i]}{Pr[\mathcal{M}_i(D'_i)=\pmb{o}_i]}\leq e^{\varepsilon_i}$.
For any $O \in\mathcal{O}$ we get $\frac{Pr[\mathcal{M}(S_T)\in O]}{Pr[\mathcal{M}(S'_T)\in O]}\leq e^{\sum_{i \in L \cup\{t\}}\varepsilon_i}$.
If the formula of Theorem~\ref{theor:thething-prv} holds, then we get $\frac{Pr[\mathcal{M}(S_T)\in O]}{Pr[\mathcal{M}(S'_T)\in O]}\leq e^\varepsilon$.
