Budget Sharing for Multi-Analyst Differential Privacy

TL;DR

This paper addresses the challenge of sharing a privacy budget among multiple analysts in differential privacy, proposing new algorithms that satisfy key desiderata and reduce error in multi-analyst data releases.

Contribution

It introduces a formal framework for multi-analyst differential privacy, defining key desiderata, and develops novel algorithms that meet these criteria while optimizing accuracy.

Findings

Existing mechanisms fail to satisfy all desiderata.

Proposed algorithms satisfy Sharing Incentive, Non-Interference, and Adaptivity.

Empirical results show low error on realistic tasks.

Abstract

Large organizations that collect data about populations (like the US Census Bureau) release summary statistics that are used by multiple stakeholders for resource allocation and policy making problems. These organizations are also legally required to protect the privacy of individuals from whom they collect data. Differential Privacy (DP) provides a solution to release useful summary data while preserving privacy. Most DP mechanisms are designed to answer a single set of queries. In reality, there are often multiple stakeholders that use a given data release and have overlapping but not-identical queries. This introduces a novel joint optimization problem in DP where the privacy budget must be shared among different analysts. We initiate study into the problem of DP query answering across multiple analysts. To capture the competing goals and priorities of multiple analysts, we formulate three desiderata that any mechanism should satisfy in this setting -- The Sharing Incentive, Non-Interference, and Adaptivity -- while still optimizing for overall error. We demonstrate how existing DP query answering mechanisms in the multi-analyst settings fail to satisfy at least one of the desiderata. We present novel DP algorithms that provably satisfy all our desiderata and empirically show that they incur low error on realistic tasks.