Choosing Epsilon for Privacy as a Service

Authors: Sara Krehbiel (University of Richmond)

Volume: 2019
Issue: 1
Pages: 192–205

Download PDF

Abstract: In many real world scenarios, terms of service allow a producer of a service to collect data from its users. Producers value data but often only compensate users for their data indirectly with reduced prices for the service. This work considers how a producer (data analyst) may offer differential privacy as a premium service for its users (data subjects), where the degree of privacy offered may itself depend on the user data. Along the way, it strengthens prior negative results for privacy markets to the pay-for-privacy setting and develops a new notion of endogenous differential privacy. A positive result for endogenous privacy is given in the form of a class of mechanisms for privacy-as-a-service markets that 1) determine  using the privacy and accuracy preferences of a heterogeneous body of data subjects and a single analyst, 2) collect and distribute payments for the chosen level of privacy, and 3) privately analyze the database. These mechanisms are endogenously differentially private with respect to data subjects’ privacy preferences as well as their private data, they directly elicit data subjects’ true preferences, and they determine a level of privacy that is efficient given all parties’ preferences.

Keywords: differential privacy, data-dependent privacy, mechanism design, markets for privacy

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.