期刊名称:Proceedings on Privacy Enhancing Technologies
电子版ISSN:2299-0984
出版年度:2021
卷号:2021
期号:1
页码:64-84
DOI:10.2478/popets-2021-0005
语种:English
出版社:Sciendo
摘要:The calibration of noise for a privacypreserving mechanism depends on the sensitivity of the query and the prescribed privacy level. A data steward must make the non-trivial choice of a privacy level that balances the requirements of users and the monetary constraints of the business entity. Firstly,we analyse roles of the sources of randomness, namely the explicit randomness induced by the noise distribution and the implicit randomness induced by the data-generation distribution,that are involved in the design of a privacy-preserving mechanism. The finer analysis enables us to provide stronger privacy guarantees with quantifiable risks. Thus,we propose privacy at risk that is a probabilistic calibration of privacypreserving mechanisms. We provide a composition theorem that leverages privacy at risk. We instantiate the probabilistic calibration for the Laplace mechanism by providing analytical results. Secondly,we propose a cost model that bridges the gap between the privacy level and the compensation budget estimated by a GDPR compliant business entity. The convexity of the proposed cost model leads to a unique fine-tuning of privacy level that minimises the compensation budget. We show its effectiveness by illustrating a realistic scenario that avoids overestimation of the compensation budget by using privacy at risk for the Laplace mechanism. We quantitatively show that composition using the cost optimal privacy at risk provides stronger privacy guarantee than the classical advanced composition. Although the illustration is specific to the chosen cost model,it naturally extends to any convex cost model. We also provide realistic illustrations of how a data steward uses privacy at risk to balance the tradeoff between utility and privacy.