PriPeARL: A Framework for Privacy-Preserving Analytics and Reporting at LinkedIn

TL;DR

PriPeARL is a framework designed for privacy-preserving analytics at LinkedIn, balancing user privacy with data utility through differential privacy techniques, demonstrated via real-world ad analytics experiments.

Contribution

The paper introduces PriPeARL, a novel framework for privacy-preserving analytics inspired by differential privacy, addressing challenges of privacy, coverage, utility, and consistency in large-scale systems.

Findings

Demonstrated privacy-utility tradeoffs in ad analytics data

Validated PriPeARL's effectiveness in real-world deployment at LinkedIn

Provided insights into production challenges and lessons learned

Abstract

Preserving privacy of users is a key requirement of web-scale analytics and reporting applications, and has witnessed a renewed focus in light of recent data breaches and new regulations such as GDPR. We focus on the problem of computing robust, reliable analytics in a privacy-preserving manner, while satisfying product requirements. We present PriPeARL, a framework for privacy-preserving analytics and reporting, inspired by differential privacy. We describe the overall design and architecture, and the key modeling components, focusing on the unique challenges associated with privacy, coverage, utility, and consistency. We perform an experimental study in the context of ads analytics and reporting at LinkedIn, thereby demonstrating the tradeoffs between privacy and utility needs, and the applicability of privacy-preserving mechanisms to real-world data. We also highlight the lessons learned from the production deployment of our system at LinkedIn.