Dyn-Pri: A Dynamic Privacy Sensitivity Assessment Framework for V2G Interactive Service Scenarios

Abstract

In V2G service operations, highly efficient data sharing among participants is useful in grid load balancing and renewable energy integration. However, the data quality and sharing efficiency greatly rely on entities’ willingness to share. Moreover, there is no rational assessment framework for the privacy sensitivity of sharing data, which highly affects data sharing willingness. Existing privacy sensitivity assessment methods rely on static privacy attributes and fail to rationally assess privacy threats within V2G service scenarios. To address these limitations, this paper proposes Dyn-Pri, a novel multi-dimensional privacy sensitivity assessment framework for large-scale V2G interactive service scenarios. Dyn-Pri features an adaptive comprehensive multi-dimensional quantification model that integrates both the three privacy elements’ intrinsic effects and the dynamic, intertwining influences among them. The experimental validations in three typical V2G scenarios demonstrate that Dyn-Pri has significant advantages in the precision of sensitivity assessments, and balancing data utilization and privacy protection enhances renewable energy integration efficiency while ensuring cross-domain data security.

1. Introduction

With the deep integration and application of Internet of vehicles technology in the energy Internet, the interactive service between electric vehicles and the smart grid is accelerating, thereby promoting the deep coupling of electric vehicles and power systems in service of digitalization and intelligence [1]. As a key infrastructure supporting new energy consumption, the vehicle-to-grid (V2G) interactive service system can provide decision support for charging load prediction and power grid frequency modulation response by obtaining interactive data such as vehicle battery status and charging demand in real time [2]. However, the multi-agent sharing characteristics of massive vehicle–grid interaction data sourced from multiple vehicles mean that the V2G system faces complex privacy security challenges. First, charging pile/station operators must collect sensitive information (e.g., users’ charging locations and periods) in real time to optimize scheduling strategies. Notably, the correlative analysis of spatiotemporal trajectory data and electricity consumption patterns may inadvertently reveal users’ travel behaviors [3]. Second, under the dynamic electricity pricing mechanism, user charging strategy and grid load regulation form a two-way game, and charging and discharging control instructions are vulnerable to man-in-the-middle attacks during transmission [4], which may cause the double risk of user privacy leakage and grid dispatch instructions tampering. Third, although the sharing of charging load data among multiple operators can improve the efficiency of new energy consumption, cross-domain data circulation increases the leakage risk of sensitive data such as [5] user payment information and charging preferences. Ensuring data privacy security in the V2G interactive service system has become the core premise by which to facilitate its safe operation and the release of data value within it.

Existing studies mainly quantify the sensitivity based on information entropy [6], differential privacy [7], and other theories. While these approaches provide valuable insights, they face critical limitations in addressing the dynamic and multi-agent nature of V2G systems. Gao et al. [8] proposed the privacy loss entropy model to calculate the privacy leakage risk of data sharing through conditional probability. Huang et al. [9] used the theory of set pair analysis to construct an uncertainty measurement framework to reflect the influence of background knowledge evolution on privacy exposure. However, these methods are overly reliant on the static analysis of objective data attributes (such as charging power, state of charge (SoC) value, etc.) and do not fully account for the unique dynamic factors of vehicle–grid interaction, such as the impact of real-time electricity price fluctuation on user charging strategy, and the time-varying sensitivity of grid frequency modulation demand to charging and discharging control instructions. On the other hand, they lack quantitative modeling of multi-agent privacy game, especially the conflict balance between charging pile operators’ data utilization benefits and users’ privacy protection demands [10], rendering existing evaluation models less adaptable to the dynamic collaborative needs of V2G services.

To address these limitations, this paper proposes a multidimensional privacy sensitivity assessment framework for V2G service, i.e., Dyn-Pri. First, we establish a quantification method of privacy sensitivity from multiple privacy elements, which incorporates the objective privacy sensitivity of information, the subjective privacy sensitivity influenced by the operational context of V2G services, and the subjective privacy sensitivity affected by V2G service participants’ security experiences. Second, we extend the quantification method to consider the dynamic intertwining influences among multiple privacy elements. Finally, we construct a dynamic comprehensive privacy sensitivity assessment model that integrates both the privacy elements’ intrinsic effects and the dynamic intertwining influences. Through experimental validations for four types of electric vehicle (EV) users, with privacy preferences and awareness levels within four types of V2G services across three typical V2G scenarios, we validate the feasibility of Dyn-Pri and also analyze its advantages to support V2G service operation, such as demand-side response (DR).

In summary, the main contributions of the paper are as follows:

(1)

Three-Element Quantification Privacy Sensitivity Model: We decompose privacy sensitivity into (I) objective data attributes, (C) context-driven subjective risk, and (P) participant-experience-based subjective risk, quantifying each with dedicated indicators. Its novelty lies in the unification of objective and dual subjective factors.

(2)

Dynamic Intertwining Extension: We extend the static three-element model by explicitly capturing and learning the real-time, bidirectional influences among I, C, and P, replacing fixed weights with reinforcement learning-driven adaptive mappings. Its novelty lies in the explicit modeling of time-varying bidirectional effects.

(3)

Self-Optimizing Holistic Model: We integrate the intrinsic scores and learned intertwining effects into a single holistic score that self-optimizes across varying V2G scenarios, validated against four EV-user privacy profiles in four distinct V2G services across three operational scales, demonstrating superior accuracy and demand-side response support. Its novelty lies in the closed-loop, scenario-aware calibration.

The rest of our paper is organized as follows: Section 2 presents Dyn-Pri, detailing its three-element privacy sensitivity model (I, C, P) and the reinforcement learning mechanism that captures their dynamic interdependencies. Section 3 describes the experimental setup, datasets, and three representative V2G scenarios used for validation, and also reports the validation results, demonstrating Dyn-Pri’s accuracy, adaptability, and benefits for demand-side response. Section 4 concludes the paper with key findings, limitations, and future research directions.

2. Dyn-Pri: A Privacy Sensitivity Assessment Framework for V2G Interaction Service Scenarios

Privacy sensitivity is the degree of risk or concern regarding the potential leakage of shared data, shaped by both objective data attributes and subjective factors like user perceptions and contextual dynamics [11,12]. The existing literature predominantly quantifies privacy sensitivity with information entropy, differential privacy, or set pair analysis models. While these techniques yield useful benchmarks, they are inherently static since they treat data attributes such as charging power or state-of-charge as fixed inputs and neglect the dynamic, multi-agent realities of V2G ecosystems. Specifically, they overlook time-varying contextual factors and strategic interactions between heterogeneous stakeholders. Consequently, current metrics cannot adapt to the continuously evolving, collaborative requirements of V2G services. This gap has motivated us to design a new framework that explicitly models both the dynamic context and multi-agent privacy game.

In the V2G interaction service operations, the privacy sensitivity of sharing information is shaped by a multitude of privacy elements rooted in the intrinsic sensitive attributes of information, the extrinsic service context, and EV user’s security experience. This paper designs a holistic privacy sensitivity assessment framework that integrates the intrinsic effects and intertwining influences of the subjective and objective privacy elements of the sharing information during V2G service operations for short Dyn-Pri. It not only quantifies the inherent objective privacy sensitivity of the data itself but also evaluates the subjective privacy threats perceived by information owners from the viewpoint of scenario entities. Moreover, it explores the dynamic intertwining influences across various operational scenarios to reflect the aging of information sensitivity. According to this technical idea and roadmap, an interdependent characterization model for privacy sensitivity of data sharing in the V2G system is subsequently established, as depicted in Figure 1, which comprises three key privacy elements:

• I: The sharing data’s objective privacy sensitivity.
• C: The sharing data’s subjective privacy sensitivity related to the V2G service operational context.
• P: The sharing data’s subjective privacy sensitivity related to the privacy security experiences of V2G service participants.

The model effectively demonstrates the complex interdependent relationships among three key privacy elements in two forms (i.e., the intrinsic effects from each privacy element and the dynamic intertwining influences among the elements). Futhermore, it provides a rational way to assess the privacy sensitivity of sharing data, to comprehend the sensitive information during V2G service, and to identify privacy protection needs for the sharing of sensitive information in various V2G interaction scenarios.

Figure 1. The interdependent characterization model for privacy sensitivity.

Figure 1. The interdependent characterization model for privacy sensitivity.

2.1. The Privacy Sensitivity Quantification Method Compounding the Respective Intrinsic Effects of Privacy Elements for V2G Interaction Service Scenarios

2.1.1. Objective Privacy Sensitivity of Sharing Information in V2G Interaction Service

The sharing information in V2G service typically consists of structured datasets generated through operational status collection, electrical parameter sensing, and control command transmission under predefined protocols. Its privacy implications are not only closely tied to data acquisition protocols but also depend on the sensitive data attributes of individual entities embedded within the datasets. Furthermore, the privacy of sharing information related to V2G service operation often exhibits some temporal dynamics. On the one hand, its privacy sensitivity is impacted by the sampling definition characteristics (i.e., sampling interval and sampling time span); on the other hand, its sensitivity is time-varying and inherently correlated with its freshness aging from its creation to elapsing. Therefore, this paper designs an objective privacy sensitivity quantification model for sharing information within V2G service operation, which incorporates three objective privacy-associated aspects, i.e., information attribute-related sensitivity I_a, information sampling definition-related sensitivity I_s, and information freshness-related sensitivity I_t.

(1) Information attribute-related sensitivity I_a: This is a sensitive mapping based on the information’s attributes. For the structured sharing dataset D = {D₁, D₂ … D_m} of m users, we can select one non-negative sensitive mappings f_j for the j-th attribute within each dataset D_i, then numerically process and obtain its information attribute-related sensitivity I_a as follows:

$$I_a=\sum _{i=1}^m\sum _{j=1}^n{f}_j\left(d_{ij}\right)$$

(1)

where d_ij is the j-th attribute item of the user i’s dataset D_i, and f_j is its sensitive mapping function. For example, for a dataset containing charging times and battery states of charge (SoC), the mapping functions f_j could be instantiated as follows:

$f_1(t)={\displaystyle \frac{1}{1+e^{-t}}}$, which normalizes the charging time t to [0,1].

$f_2(SoC)={\displaystyle \frac{\mathrm{S}\mathrm{o}\mathrm{C}}{100}}$, which maps the battery state of charge (SoC) as a percentage.

(2) Information sampling definition-related sensitivity I_s: This represents the privacy sensitivity from high-definition sampling information. Specifically, it is defined as follows:

$$I_s=\lambda ∆t+\left(1-\lambda \right)\delta T$$

(2)

where Δt is the sampling time interval of data collection, δT is the sampling time span of the sharing dataset, and λ is the weight coefficient of the sampling interval. For example, if the sampling interval is 10 min and the sampling time span is 24 h (1440 min), with λ = 0.5, $I_s=0.5·{\displaystyle \frac{10}{1440}}\approx 0.0035$.

(3) Information freshness-related sensitivity I_t: This is defined as the sensitive influence of information freshness and is represented by the sensitivity aging function with respect to the elapsed time of information, as shown in Equation (3), which is divided into three categories, i.e., bounded increasing function, bounded decreasing function, and constant function.

$$I_t=g\left(t_{\mathrm{e}\mathrm{l}\mathrm{a}\mathrm{p}\mathrm{s}\mathrm{e}\mathrm{d}}\right)$$

(3)

where $g$ is the sensitivity aging function, and $t_{\mathrm{e}\mathrm{l}\mathrm{a}\mathrm{p}\mathrm{s}\mathrm{e}\mathrm{d}}$ is the elapsed time since the data is created. For example, using a bounded decreasing function $g\left(t\right)=\mathrm{m}\mathrm{a}\mathrm{x}(0,1-0.01t)$ for $t$ in hours, $I_t=\max \left(0, 1-0.01·5\right)=0.95$ for data created 5 h ago, and $I_t=\max \left(0, 1-0.01·100\right)=0$ for data created 100 h ago.

In summary, based on the three objective sensitivity indicators (i.e., I_a, I_s and I_t), the inherent objective privacy sensitivity of information ontology can be specifically expressed as follows:

$$I={\alpha }_1{I}_a+{\alpha }_2{I}_s+{\alpha }_3{I}_t$$

(4)

where ${\alpha }_i$ represents the influence weight of each index on I, and ${\alpha }_1+{\alpha }_2+{\alpha }_3=1$.

2.1.2. Subjective Privacy Sensitivity Related to V2G Service Operational Context

During V2G service operations, participating entities (such as EV users, charging station operators, load aggregators, and the smart grid) exhibit simple unidirectional service-interdependent relationships and show complex multi-layered data sharing relationships across different V2G services. These two types of relationships collectively constitute a complicated V2G data sharing contextual environment, which significantly impacts the sharing data’s privacy sensitivity and raises privacy concerns among participating entities. In fact, the data sharing relationship among entities changes along with V2G service requirements and greatly influences the privacy sensitivity of V2G participants themselves and their privacy security trustworthiness. In particular, the V2G participants would inevitably reduce their willingness to share data if there were insecure associations among participants regarding privacy security in the V2G service context since they would have less confidence in the privacy security of the shared data. In essence, this logical association among entities is constructed mainly based on data sharing relationships and secondarily on service interdependence.

Formally, the V2G service operational context can be modeled as a complex associations graph [12], whose nodes denote the V2G participants, whose edges denote the data/service dependencies among them, and whose edge weights are defined by the privacy security trustworthiness of data sharing or V2G services among them. Hence, to effectively assess how the complex V2G data sharing contextual environment impacts the sharing data’s privacy sensitivity, this study proposes a quantification model, which consists of three subjective contextual influence indices featured by the V2G participant’s association graph, i.e., the privacy security trustworthiness of the V2G service operational context, the data interdependence level between participating entities, and the sensitivity of data interdependence, respectively.

(1) Privacy security trustworthiness $C_t$ for V2G service operational context: This refers to the trustworthy degree of the V2G service operational context with respect to providing privacy protection for the sharing data of V2G services. According to the logical topographical feature related to data/service-interdependent relationships within the V2G data sharing context, $C_t$ is specifically expressed as a weighted degree of interdependent relationship within the logical graph associated with the data sharing context as follows:

$$C_t=\sum _{i=1}^m{\theta }_i\sum _{G_x\in Grou{p}_i}Degree\left(G_x\right)\left(1-\rho \right)$$

(5)

where ${\theta }_i$ is the weight coefficient of each node indicated by a sharing data item or a participating entity within this graph; $Degree\left(G_x\right)$ indicates the degree of a node in this participant’s association graph; $\rho$ represents the privacy protection confidence during the data sharing between two nodes; and $Grou{p}_i$ denotes the set of nodes associated with the data sharing of the node $G_i$.

(2) Data interdependence level $C_r$ between V2G participating entities: This depicts how strong the interdependences are between different nodes with respect to data sharing. In this paper, $C_r$ is measured by the mutual dependent information between nodes $G_i$ and $G_j$ as follows:

$$C_r\left(G_i,G_j\right)=\sum _{d_i\in D_i}\sum _{d_j\in D_j}P\left(d_i{d}_j\right){\mathit{log}}_2{\displaystyle \frac{P\left(d_i{d}_j\right)}{P\left(d_i\right)\cdot P\left(d_j\right)}}$$

(6)

where $D_i$ and $D_j$ denote the dataset that can be shared between nodes $G_i$ and $G_j$, and $P\left(d_i\right)$ denotes the data interdependency probability of nodes $G_j$ to the data item $d_i$ in the dataset $D_i$. Similarly, $P\left(d_i{d}_j\right)$ denotes the probability that nodes $G_i$ and $G_j$ simultaneously have a data interdependency relationship with respect to the data items of their respective datasets.

(3) Data interdependence sensitivity $C_s$: This depicts how the privacy security of sharing data is impacted by the data interdependence between any two associated nodes, which is quantified as follows:

$$C_s=\sum _{i=1}^{m}Degree\left(G_i\right)C_r\left(i\right)$$

(7)

where $m$ denotes the number of nodes within this data interdependent graph; and $C_r\left(i\right)$ denotes the collective interdependence level of node $G_i$, which is the sum of the interdependence level of nodes in its associated node set $Grou{p}_i$, namely: $C_r\left(i\right)={\sum }_{G_j\in Grou{p}_i}{C}_r\left(G_i,G_j\right)$.

To summarize, this subsection establishes a quantification model for context-related subjective privacy sensitivity ($C$) by integrating three key indicators, i.e., privacy security trustworthiness ($C_t$) of the V2G operational context, data interdependence level ($C_r$) between participating entities, and data interdependence sensitivity ($C_s$). These indicators collectively capture the complex influence of multi-layered data sharing relationships and service interdependencies among V2G participants with respect to privacy sensitivity, with the final value of $C$ being derived through weighted summation of $C_t$ and $C_s$. Finally, the subjective privacy sensitivity $C$ impacted by V2G operational context can be specifically expressed as follows:

$$C={\beta }_1{C}_t+{\beta }_2{C}_s$$

(8)

where ${\beta }_1+{\beta }_2=1$ represents the weight coefficients of the two indicators $C_t$ and $C_s$.

2.1.3. Subjective Privacy Sensitivity Related to V2G Service Participants’ Security Experiences

In practice, even if a V2G participant shares the same piece of sensitive data (e.g., EV user’s charging behavior data and the charging pile/station’s service operational data) with different entities, it may still perceive a different privacy threat, which is varying with respect to its sharing peer. The discrepancy on privacy perception leads to different subjective assessments of this data’s privacy sensitivity. Thus, privacy sensitivity assessment is influenced not only by the V2G service operational context but also by participant’s subjective experiences of privacy threats. In other words, the extent to which a participant is willing to share its sensitive data varies significantly based on its subjective experiences regarding the data’s privacy sensitivity. In the real world, the subjective privacy security experiences of a V2G participant critically depend on its security settings, including data-access role, data sharing intention, and privacy protection requirements. Here, the V2G participant’s data access role determines its selection regarding privacy preference, which matches its privacy responsibility; its data sharing intention reflects the tradeoff regarding privacy awareness, i.e., how to promote the data utility; and its privacy protection requirements provide the boundary of privacy expectation obtained through a given privacy protection mechanism (such as data obfuscation, differential privacy, etc.). Hence, this paper proposes a quantification model of subjective privacy sensitivity related to the V2G service participants’ security experiences from the following three perspectives, i.e., privacy preference $P_r$, privacy awareness $P_a$, and privacy expectation $P_e$.

(1) Participant’s privacy preference $P_r$: This refers to the participant’s preference for different sensitive information to match its privacy responsibility [13]. Specifically, it is defined as follows:

$$P_r=\sum _{j=1}^n{p}_{ij}{f}_j\left(d_{ij}\right)$$

(9)

where $d_{ij}$ is the j-th attribute item of the participant i’s dataset D_i; $f_j\left(d_{ij}\right)$ is a sensitive mapping function with respect to the data item $d_{ij}$; and $p_{ij}$ is the weight of participant $i$’s unwillingness to be disclosed to the data item $d_{ij}$.

(2) Participant’s privacy awareness $P_a$: This refers to the privacy security awareness of a participant with respect to making a tradeoff between protecting its sensitive information from security threats and promoting the utility of sharing data [14]. It is quantified by its private data setting as follows:

$$P_a=\sum _{j=1}^n∆v_j{p}_{ij}\left({\displaystyle \frac{1}{2}}\left|{Rank}^{+}-{Rank}^{-}\right|+{\displaystyle \frac{1}{2}}\right)$$

(10)

where $v_j$ is the privacy visibility of the j-th attribute $A_j$ (it is set as 0 if the privacy visibility of $A_j$ is true; otherwise, it is set as 1); $∆v_j$ denotes its change along with the variation of participant i’s subjective experience in privacy threats; ${Rank}^{+}$ denotes the proportion of participant i’s sharing peers with stricter privacy protections; while ${Rank}^{-}$ denotes the same with slacker privacy protections.

(3) Participant’s privacy expectation $P_e$: This is the participant’s balanced expectation between privacy security and data utility under a certain privacy protection mechanism. Specifically, it is defined as the Nash equilibrium of a security utility game for a given privacy protection mechanism as follows:

$$P_e=U\left(s_p^{*},s_{-p}^{*}\right)\ge U\left(s_p,s_{-p}^{*}\right)$$

(11)

where $U$ is a data utility function; $s_p^{*}$ denotes the data sharing strategies employed to maximize the utility of the participant’s sharing data under data-disclosure unwillingness, p; while $s_{-p}^{*}$ denotes the same under data-disclosure willingness, −p.

Therefore, through the above key indicators of privacy security experience, the subjective privacy sensitivity impacted by the experiences can be specifically expressed as follows:

$$P={\gamma }_1{P}_r+{\gamma }_2{P}_a+{\gamma }_3{P}_e$$

(12)

where ${\gamma }_i$ represents the impact weight of each index on $P$, and ${\gamma }_1+{\gamma }_2+{\gamma }_3=1$.

In summary, integrating the intrinsic effect of the objective privacy element and that of the subjective ones, this study proposes a privacy sensitivity quantification method for V2G interaction service scenarios, which can be formally expressed as follows:

$$S=f\left(I,C,P,\mathsf{\Theta }\right)={\theta }_{1}I+{\theta }_{2}C+{\theta }_{3}P$$

(13)

where $S$ denotes the composite value for sharing data privacy sensitivity under a certain V2G service scenario; $I,C,P$ are the metric values of its three privacy elements; and $\mathsf{\Theta }$ is the weight vector corresponding to the privacy elements.

2.2. The Dynamic Privacy Sensitivity Quantification Method Considered the Intertwining Influences Among Privacy Elements for V2G Interaction Service Scenarios

In actual V2G interaction services, there exists a dynamic and complex intertwining among the three mentioned objective and subjective elements of privacy sensitivity, as illustrated in Figure 1, which has a considerable impact on assessment accuracy. Hence, in order to improve its assessment accuracy, this study proposes an enhanced method, i.e., a dynamic privacy sensitivity quantification method, which considers the intertwining influences to suitably reformulate each component of privacy sensitivity.

First, the collection and transmission of sharing data required by V2G service entities will vary along with the changes in the V2G service requirements or operational context. In this situation, the changing context-related element C inevitably affects the objective element $I$ from three perspectives, i.e., the sharing data’s attribute, sampling definition, and freshness, and so impacts the assessment of its objective element, privacy sensitivity. Moreover, if a sharing data owner perceives the privacy threats changing, it adjusts which data or data items are shareable, and how to share them with other entities. Likewise, the changing experience P in the situation leads to alterations in its objective privacy sensitivity. Therefore, the objective privacy element $I$ of privacy sensitivity can be reformulated by the conditional function $f_I$, depicting the intertwining influences of the other two subjective elements (i.e., the context-related one and the experience-related one) as follows:

$$I^{\prime }=f_I\left(I_a,I_s,I_t|C,P\right)$$

(14)

Second, when a V2G participant perceives that its sensitive sharing data has a large risk of privacy leakage, it will adjust both the sharing mode of its privacy data and the V2G service participation mode, which will bring changes to the V2G service context-related element $C$. Therefore, due to the change in the subjective experience-related element $P$ and its objective element $I$, the intertwining influences on the subjective context-related element $C$ can be re-expressed by the conditional function $f_C$ as follows:

$$C^{\prime }=f_C\left(C_t,C_s|I,P\right)$$

(15)

In addition, when the V2G operational context changes, the sharing scope and utility of the dataset shared among entities also varies according to actual V2G service operation needs, resulting in different privacy experiences for different impacted participations. At the same time, data owners may have different security experiences and privacy protection expectations due to changes in the data sharing environment. Hence, the dynamic intertwining influences of the objective element $I$ and the subjective context-related element $C$ on the subjective experience-related element $P$ can be expressed as follows:

$$P^{\prime }=f_P\left(P_r,P_a,P_e|I,C\right)$$

(16)

Integrating the complex intertwining effects among the three elements into the quantification method, the real-time privacy sensitivity $S^{\prime }$ is defined as a weighted sum of three conditional functions of the respective privacy elements as follows:

$$S^{\prime }=f^{\prime }\left(I^{\prime },C^{\prime },P^{\prime },\Phi \right)={\phi }_1{I}^{\prime }+{\phi }_2{C}^{\prime }+{\phi }_3{P}^{\prime }$$

(17)

where $f^{\prime }$ is the intertwining mapping function from each element to rectify privacy sensitivity $S^{\prime }$ considering the dynamic intertwining influences among the three privacy elements $I,C, P$; and $\Phi$ is the weight vector consisting of their weight coefficients ${\phi }_i$.

2.3. Dyn-Pri: A Holistic Privacy Sensitivity Assessment Model Integrating the Privacy Elements’ Intrinsic Effects with the Intertwining Influences Among Them

By integrating the privacy elements’ intrinsic effects with their dynamic intertwining influences, the holistic privacy sensitivity can be formally expressed as a weighted sum as follows:

$$S=\epsilon f\left(I,C,P,\mathsf{\Theta }\right)+\left(1-\epsilon \right)f^{\prime }\left(I^{\prime },C^{\prime },P^{\prime },\Phi \right)$$

(18)

where $\epsilon$ represents the weight coefficient vector for the intrinsic effect’s part, while $1-\epsilon$ denotes the intertwining influence’s part, which can be adaptively adjusted to realize the dynamic optimization of this assessment model according to the dominant role of the two parts.

The above model offers a method by which to compute the holistic privacy sensitivity of sharing data in V2G scenarios. However, it is difficult to obtain the computation results of actual privacy sensitivity. On the one hand, the intertwining influences among the three privacy elements (i.e., represented by $f_I$, $f_C$, and $f_P$) are difficult to evaluate via traditional methods like AHP and expert scoring; on the other hand, the intertwining influences must adapt to the significant differences and dynamic changes of the intertwining influences among different V2G service operation scenarios.

To tackle the issues, this paper proposes a dynamic assessment method for holistic privacy sensitivity based on reinforcement learning (for short Dyn-Pri). Overall, its implementation consists of two main parts, i.e., the self-learning of intertwining influences, and the self-optimization of model parameters.

First, based on Equation (17), our method accurately captures the dynamic intertwining influences $f_I$, $f_C$, and $f_P$ by self-learning the feature of actual V2G scenarios [15]. Here, we take the self-learning process of $f_P$ as an example. The second-level indicators of privacy elements I and C (i.e., {$I_a,I_s,I_t,C_t,C_s$}) are used as state inputs, and the quantified value of user privacy security experience predicted by Q-value function under the privacy element P’s intrinsic effects is defined as the action space [16]. Then, taking the difference between actual privacy sensitivity and the predicted one as the learning incentive, the system uses a neural network to approximate the $f_P$’s state-action Q-value function and output the action with the highest Q-value.

Then, by defining the state and action space and learning incentives, it designs a reinforcement learning-based self-optimization with a double-network model to update parameters in Equation (18), particularly focusing on adjusting the weighting coefficients vectors α, β, $\mathsf{\Theta }$, $\epsilon$, and Φ. Finally, this optimizes the computing results of holistic privacy sensitivity described in Equation (18), flexibly adapts to various conditions, and dynamically assess privacy sensitivity with precision.

3. Experimental Validations and Analysis

In this section, we present a series of experiments to validate the feasibility of the proposed assessment framework Dyn-Pri and to analyze its advantages to help V2G service operation through three typical V2G scenarios. The experimental validations results analysis and some advanced insights are detailed in Figure 2.

3.1. The Experimental Validation Settings and the Related V2G Service Dataset

3.1.1. The Dataset Descriptions of V2G Service Case

This study chooses V2G service operation in Shenzhen, China, as its experimental validation case, consisting of 1362 charging stations with 17,532 charging piles, as shown in Figure 1. The case offers the 1 h resolution region-level dataset and the 5-min resolution charging EV/pile dataset across an extensive six-month span (i.e., from 1 September 2022 to 28 February 2023), available in the UrbanEV repository [17], which encompasses 73 distinct data parameters outlined by China standard GB/T 32960.3-2016 [18]. In particular, UrbanEV contains key data items for each EV charging event, such as User ID, Charger ID, Charger Company, Location, Charger Type, Charging Start Datetime, Charging End Datetime, Charging Duration, Charging Volume, and Charging Start/End SoC. Beyond the EV charging data items, UrbanEV also encompasses four dynamic service settings (i.e., electricity price, charging service price, weather conditions, and time of day), three spatial attributes of charging piles/stations (i.e., adjacency, distance, and coordinates), and four static coefficients of charging sites (i.e., point of interest, area, pile number, and station number).

3.1.2. The V2G Service Operator Settings

According to the distribution of EVs and charging piles/stations within Shenzhen, China, as well as the conducting situation of V2G services, the experimental validations are carried out in the following three typical V2G scenarios: (1) A residential-level standalone EV charging scenario where EV owners only use their dedicated charging piles locating within the residential community. This scenario focuses on the privacy sensitivity assessment of charging data used for billing summaries, load scheduling optimization, and user behavior analysis to guide off-peak charging. (2) A county-level V2G interaction scenario operated by a single charging operator where EVs are frequently charged through the different assigned charging piles/stations within a single preferred charging operator. This scenario involves analyzing the ordered EV charging and discharging regulation capabilities of a county-level single charging station operator managing multiple charging stations. (3) A city-level V2G interaction scenario co-operated by multiple operators where charging resources are collaboratively allocated to EV users based on the optimized demand-side response (DR) policies. This scenario examines the privacy security perceptions of grid companies, charging operators, and EV users in a multi-party V2G interaction setting. Through the three typical V2G scenarios, we can systematically evaluate the feasibility and effectiveness of Dyn-Pri in assessing the privacy sensitivity of shared data.

3.1.3. The V2G Service Settings of EV Users and Typical Interactive Services

In these scenarios, the experimental EV users are divided into four types according to the levels of privacy preference and privacy awareness, i.e., a type-1 user with a low–low pair, a type-2 user with a low–high pair, a type-3 user with a high–low pair, a type-4 user with a high–high pair. In Shenzhen, the actual mainstream V2G services for charging operators and load aggregator include the following four types, i.e., type-1 V2G services for charging billing; type-2 services for charging load prediction, type-3 services for charging load scheduling optimization with demand-side responses; and type-4 services for charging behavior analysis to guide off-peak charging.

3.1.4. The Default Hyper-Parameters of Reinforcement Learning During Dyn-Pri’s Self-Optimization

Here, the default hyper-parameters of the reinforcement learning are set as follows: learning rate—1 × 10⁻³; discount factor—0.95; replay-buffer size—50,000; and a double-DQN with two hidden layers (128 × 64 ReLU units) [15]. We also include the convergence criterion, i.e., training stops, when the rolling-window average reward changes by less than 0.1% over 5000 episodes. This information ensures full reproducibility.

3.2. The Validations of the Dyn-Pri’s Fundamental Feasibility and Capability in Assessing the Privacy Sensitivity

First of all, we address two questions regarding Dyn-Pri: (1) Can it effectively evaluate the privacy sensitivity of shared data among V2G service participants? That is, what is the feasibility of Dyn-Pri in privacy sensitivity assessment? (2) Can it distinguish the differences in the privacy sensitivity of shared data among participants with different attributes when they engage in various V2G service operations? In other words, what are Dyn-Pri’s basic capabilities in terms of privacy sensitivity assessment? To this end, we designed two validation schemes: (1) assessing the privacy sensitivity of data shared by each type of EV user for each type of V2G service, primarily to answer question (1) by verifying its feasibility in assessing privacy sensitivity across diverse V2G scenarios, as shown in Figure 3; and (2) identifying the differences in privacy sensitivity under various factors such as varying participant attributes, service types, and sharing data sampling time interval, primarily to address question (2) by examining its fundamental capability, as shown in Figure 4.

Figure 3 not only shows how Dyn-Pri assesses privacy sensitivity for different EV users across various V2G services but also exhibits the differences in privacy sensitivity for different across diverse V2G scenarios. EV users are categorized into four types based on privacy preferences and awareness. The results in Figure 3 reveal its feasibility in assessing privacy sensitivity for each type of EV user within each type of V2G service and provide significant insight into the positive correlation between Dyn-Pri’s assessed privacy sensitivity and EV users’ privacy experiences in a V2G service context. Specifically, services like V2G service-4, which involve constructing charging behavior portraits, have higher sensitivity values than others, such as the billing summaries in V2G service-1. This highlights Dyn-Pri’s ability to capture the relationship between sharing data usage methods and user privacy demands, reflecting its accuracy in showing how diverse user requirements and privacy experiences affect final sharing data’s privacy sensitivity across different user types and V2G service contexts.

Moreover, we further validate Dyn-Pri’s fundamental capability to discern the impact of the objective privacy aspects of shared data on privacy sensitivity. Here, taking one of aspects (i.e., information sampling time interval) as an example, we demonstrate Dyn-Pri’s ability to reveal how varying the sampling time interval influences privacy sensitivity. As shown in Figure 4, the assessment results show that Dyn-Pri can distinguish the effects of varying the sampling time interval on privacy sensitivity. For a sampling time interval from 5 min, 1 h, 1 day, 1 week, 1 month, and 1 season in the same V2G service context (e.g., V2G service-3), the longer the sampling time interval of shared data, the lower the privacy sensitivity of all participants. This decrease is the slowest for type-4 EV users, fastest for type-2 and type-3 EV users, and has the least impact on type-1 EV users. This underscores its versatility and precision in privacy assessments.

3.3. The Analysis of Impact Factors on Privacy Sensitivity Assessment of Dyn-Pri

In V2G services, privacy sensitivity of shared data is influenced not only by participant’s attributes, service types, and sharing data sampling time interval (as analyzed in Figure 3 and Figure 4) but also by many other factors. Hence, we focus on the impact of the scale proportion of shared data with a sampling interval of 5 min. According to Chinese standard GB/T 32960.3-2016, 73, distinct data parameters can be shared among V2G participants. Figure 5 explores how the privacy sensitivity is impacted by varying sharing percentages of 73 distinct data parameters, including user ID, charger ID, and charging duration. The results in Figure 5 shows that sharing percentages affects different types of EV users and V2G services in various ways. For type-4 EV users (with strict privacy preference and awareness requirements), the privacy sensitivity CDF (cumulative distribution function) curve is at its steepest when the shared data parameter proportion varies from 5% to 18%, and it is relatively flat between 20% and 58%. Conversely, for type-1 EV users (with less strict requirements), the CDF curve is the least steep even when the proportion varies from 5% to 70%. The analysis results highlight the nonlinear relationship between the percentage of shared data parameters and privacy sensitivity. Moreover, there is a critical point where additional data sharing yields diminishing returns in terms of privacy sensitivity, e.g., the point (18%, 0.26) for type-1 EV users. This finding is crucial for participants in how to balance data utility and privacy protection in V2G services. It provides insights into optimizing data sharing practices to enhance privacy protection while maintaining operational efficiency.

3.4. The Validations of Privacy Sensitivity Differentiation in the Intertwining Influences

Among the three mentioned typical V2G service scenarios, county-level and city-level scenarios can aggregate large-scale EV charging/discharging loads to participate in V2G interactions through demand-side response and ordered charging/discharging. When EV users engage in V2G interactions via demand-side response (DR), there exist many dynamic intertwining influences among privacy elements I (objective privacy sensitivity), C (contextual privacy sensitivity), and P (participant-based privacy sensitivity), which affect V2G participants’ data-willingness to share and data utility, directly impacting DR operational efficiency and their experiences on the privacy sensitivity assessment accuracy. Here, taking the spatial adjacency of charging piles/stations serving EV users as an example of these intertwining influences, we analyze whether Dyn-Pri can distinguish differences between them. In practice, the spatial adjacency has an effect on EV users’ charging behaviors and exposes their privacy since the spatial distribution of charging piles/stations often links to PoI (i.e., point of interest) info related to EV user activities. As usual, the EV user may charge not only at their preferred charging stations but also at some neighbor stations within a few hops of them.

Hence, we first validated Dyn-Pri’s assessment differentiation of the privacy sensitivity of shared data with different granularity of spatial adjacency (measured by hop count) across different V2G scenarios, i.e., the ones managed by a single charging operator and the ones involving multiple charging operators. Specifically, we focused on type-3 EV users in V2G service-3, as shown in Figure 6a,b. The results showed that Dyn-Pri can effectively capture these differences. In county-level V2G service scenarios, as shown in Figure 6a, charging stations managed by a single operator have less complex spatial adjacency, leading to smaller privacy sensitivity differences. In city-level V2G service scenarios, as shown in Figure 6b, the collaborative allocation of charging resources across multiple operators results in more complex spatial adjacency relationships, causing more pronounced privacy sensitivity differences. In summary, Figure 6 demonstrates how spatial adjacency (hop count) modulates privacy sensitivity in county-level versus city-level V2G scenarios. The limited station interconnection under a single-operator county V2G service scenario produces smaller hop counts and hence modest sensitivity differences, while richer spatial charging service links under multi-operator city V2G service scenarios can provide markedly higher and more dispersed sensitivity scores as hop count increases. Obviously, Dyn-Pri successfully captures these regime-specific disparities.

Then, we compared Dyn-Pri’s performance differences without the intertwining influences, focusing on user type-3 within a city-level V2G service-3 scenario to support demand-side response. As shown in Figure 7, the results show that the median privacy sensitivity is higher when these influences are taken into account. Moreover, as the EV user population for V2G services increases, especially when the percentage of EV users participating in the DR service varies from 10% to 60%, the statistical distribution of privacy sensitivity becomes more dispersed and more severe outliers. Hence, the validation indicates that Dyn-Pri can effectively differentiate privacy sensitivity under varying spatial adjacency conditions when considering the intertwining influences among privacy elements and also highlights the importance of spatial adjacency in accurately assessing privacy risks.

Figure 8 illustrates the cumulative distribution function (CDF) of privacy sensitivity assessment results for type-3 EV users under three different spatial adjacency conditions, i.e., the spatial adjacency-based intertwining influence of hop-4 and hop-2 and not considering these influences. The CDF curves show that when spatial adjacency is considered (especially within closer hop ranges), the privacy sensitivity values are generally higher, indicating increased privacy risks due to the complex relationships between charging stations. As the hop count increases, the distribution of privacy sensitivity becomes more spread out, suggesting that the impact of spatial adjacency diminishes with distance. In contrast, ignoring these intertwining influences results in a lower and narrower distribution of privacy sensitivity values, which may underestimate the actual privacy risks faced by EV users. Dyn-Pri’s ability to capture these differences underscores its effectiveness in providing a more accurate and nuanced assessment of privacy sensitivity in V2G interactions.

In summary, the validations demonstrate Dyn-Pri’s effectiveness in assessing privacy sensitivity across different V2G scenarios. Dyn-Pri accurately evaluates privacy sensitivity for EV users with diverse privacy preferences and awareness levels, exhibiting its ability to capture the relationship between data usage and user privacy demands. It also effectively distinguishes privacy sensitivity differences caused by varying service types and data sharing time spans. The results show that Dyn-Pri can reflect the nonlinear relationship between shared data parameters and privacy sensitivity, providing insights into optimizing data sharing practices. Furthermore, Dyn-Pri effectively differentiates privacy sensitivity under varying spatial adjacency conditions when considering intertwining influences among privacy elements, proving its capability to assess privacy risks accurately in complex V2G environments. Overall, these experiments confirm Dyn-Pri’s reliability and adaptability in privacy sensitivity assessment for V2G services.

3.5. The Computational Complexity Analysis of Dyn-Pri

The computational complexity of Dyn-Pri primarily consists of three distinct parts: First, the basic quantification module involves weighted summation of multi-dimensional indicators when calculating the objective privacy sensitivity (I), context-related subjective sensitivity (C), and participant experience-related subjective sensitivity (P), with a time complexity of O (n), where n is the number of data attributes or participants. Second, the dynamic intertwining influence module captures the dynamic relationships among the three elements through reinforcement learning, whose core is the neural network approximation of the Q-value function, resulting in a time complexity of O (k·m), where k is the number of training iterations and m is the dimension of the state space. Third, the overall assessment model integrates the results of the above two parts, with a time complexity of O (1). In summary, the total time complexity of Dyn-Pri can be expressed as O (n + k·m), where n is the scale of basic data, and k and m are related to reinforcement learning training.

4. Conclusions

This paper presents Dyn-Pri, a novel multidimensional privacy sensitivity assessment framework for V2G interactive service scenarios. Dyn-Pri addresses the limitations of existing privacy sensitivity assessment methods by incorporating a comprehensive multi-dimensional quantification model that integrates objective and subjective privacy elements. It also considers the dynamic coupling relationships among these elements. Through experimental validations across three typical V2G scenarios, i.e., residential EV charging, county-level charging station regulation, and city-level multi-operator V2G interactions, the results demonstrate that Dyn-Pri significantly improves the precision of sensitivity assessments. It effectively balances data utilization and privacy protection, thereby enhancing renewable energy integration efficiency while ensuring cross-domain data security. The experimental outcomes confirm Dyn-Pri’s feasibility and effectiveness in assessing privacy sensitivity across diverse V2G scenarios. Future research will explore the integration of Dyn-Pri with transfer learning to broaden its applicability in various power-related scenarios, providing practical guidance for data pricing and privacy protection in emerging power market trends and cross-domain information fusion.

Though the experimental validations in Section 3 have validated Dyn-Pri’s functionality and performance, there still exists some limitations to be addressed in future research, including how to perform incremental privacy sensitivity assessments that capture both the commonalities and the distinct requirements of diverse V2G services, and how to remain fully aligned with current vehicle-to-charger communication standards and their evolving data collection capabilities. Of course, the issues mentioned will be the primary focus of our forthcoming Dyn-Pri+ research.