Integrating Differential Privacy and Contextual Integrity

TL;DR

This paper introduces a novel framework combining Differential Privacy and Contextual Integrity, enhancing privacy analysis by integrating descriptive and normative aspects, with practical benefits demonstrated through a U.S. Census case study.

Contribution

It presents the first integrated framework for DP and CI, enabling context-aware privacy tuning and broader application to real-world information flows.

Findings

Enables contextually-guided tuning of DP parameters.

Broadens CI applicability to real-world systems.

Demonstrates practical benefits with a U.S. Census case study.

Abstract

In this work, we propose the first framework for integrating Differential Privacy (DP) and Contextual Integrity (CI). DP is a property of an algorithm that injects statistical noise to obscure information about individuals represented within a database. CI defines privacy as information flow that is appropriate to social context. Analyzed together, these paradigms outline two dimensions on which to analyze privacy of information flows: descriptive and normative properties. We show that our new integrated framework provides benefits to both CI and DP that cannot be attained when each definition is considered in isolation: it enables contextually-guided tuning of the epsilon parameter in DP, and it enables CI to be applied to a broader set of information flows occurring in real-world systems, such as those involving PETs and machine learning. We conclude with a case study based on the use of DP in the U.S. Census Bureau.