Congenial Differential Privacy under Mandated Disclosure

TL;DR

This paper proposes a systematic approach to incorporate mandated disclosure constraints directly into differential privacy mechanisms through probabilistic conditioning, ensuring congeniality and eliminating the need for ad-hoc post-processing.

Contribution

It introduces a principled method for integrating external constraints into differential privacy via probabilistic conditioning, enhancing transparency and statistical validity.

Findings

Conditioning on invariant margins ensures congeniality.

The proposed method simplifies the privacy mechanism design.

Initial theoretical guarantees support the approach.

Abstract

Differentially private data releases are often required to satisfy a set of external constraints that reflect the legal, ethical, and logical mandates to which the data curator is obligated. The enforcement of constraints, when treated as post-processing, adds an extra phase in the production of privatized data. It is well understood in the theory of multi-phase processing that congeniality, a form of procedural compatibility between phases, is a prerequisite for the end users to straightforwardly obtain statistically valid results. Congenial differential privacy is theoretically principled, which facilitates transparency and intelligibility of the mechanism that would otherwise be undermined by ad-hoc post-processing procedures. We advocate for the systematic integration of mandated disclosure into the design of the privacy mechanism via standard probabilistic conditioning on the invariant margins. Conditioning automatically renders congeniality because any extra post-processing phase becomes unnecessary. We provide both initial theoretical guarantees and a Markov chain algorithm for our proposal. We also discuss intriguing theoretical issues that arise in comparing congenital differential privacy and optimization-based post-processing, as well as directions for further research.