Privacy: An axiomatic approach

TL;DR

This paper proposes an axiomatic, information-theoretic definition of privacy that integrates social science insights and modern privacy technologies, enabling precise, quantitative analysis of privacy protection methods.

Contribution

It introduces a rigorous axiomatic framework for privacy based on information flows, bridging social science and differential privacy, and facilitating objective policy discussions.

Findings

Privacy protection is fundamentally an information-theoretic challenge.

The framework allows quantitative evaluation of privacy-preserving technologies.

It synthesizes social science concepts with modern PETs like differential privacy.

Abstract

The increasing prevalence of large-scale data collection in modern society represents a potential threat to individual privacy. Addressing this threat, for example through privacy-enhancing technologies (PETs), requires a rigorous definition of what exactly is being protected, that is, of privacy itself. In this work, we formulate an axiomatic definition of privacy based on quantifiable and irreducible information flows. Our definition synthesizes prior work from the domain of social science with a contemporary understanding of PETs such as differential privacy (DP). Our work highlights the fact that the inevitable difficulties of protecting privacy in practice are fundamentally information-theoretic. Moreover, it enables quantitative reasoning about PETs based on what they are protecting, thus fostering objective policy discourse about their societal implementation.