Prior-itizing Privacy: A Bayesian Approach to Setting the Privacy Budget in Differential Privacy

TL;DR

This paper introduces a Bayesian framework for setting the privacy budget in differential privacy, allowing agencies to balance data utility and confidentiality based on acceptable posterior disclosure risks.

Contribution

It proposes a novel Bayesian approach to determine the privacy parameter epsilon, linking it to posterior disclosure probabilities and agency-specific risk preferences.

Findings

Framework enables tailored privacy-utility trade-offs.

Allows agencies to evaluate different risk profiles.

Provides a systematic method for setting privacy budgets.

Abstract

When releasing outputs from confidential data, agencies need to balance the analytical usefulness of the released data with the obligation to protect data subjects' confidentiality. For releases satisfying differential privacy, this balance is reflected by the privacy budget, $\varepsilon$. We provide a framework for setting $\varepsilon$ based on its relationship with Bayesian posterior probabilities of disclosure. The agency responsible for the data release decides how much posterior risk it is willing to accept at various levels of prior risk, which implies a unique $\varepsilon$. Agencies can evaluate different risk profiles to determine one that leads to an acceptable trade-off in risk and utility.