A General Framework for Per-record Differential Privacy

TL;DR

This paper introduces a versatile framework that adapts standard differential privacy mechanisms to support per-record privacy requirements, improving utility while maintaining privacy guarantees across various data analysis tasks.

Contribution

It presents a general, practical approach for implementing per-record differential privacy with minimal utility loss, including techniques for privacy-preserving estimation of privacy bounds.

Findings

Achieves high utility in count, sum, and max estimations under PrDP.

Outperforms existing Personalized DP methods significantly.

Supports both central and local differential privacy settings.

Abstract

Differential Privacy (DP) is a widely adopted standard for privacy-preserving data analysis, but it assumes a uniform privacy budget across all records, limiting its applicability when privacy requirements vary with data values. Per-record Differential Privacy (PrDP) addresses this by defining the privacy budget as a function of each record, offering better alignment with real-world needs. However, the dependency between the privacy budget and the data value introduces challenges in protecting the budget's privacy itself. Existing solutions either handle specific privacy functions or adopt relaxed PrDP definitions. A simple workaround is to use the global minimum of the privacy function, but this severely degrades utility, as the minimum is often set extremely low to account for rare records with high privacy needs. In this work, we propose a general and practical framework that enables any standard DP mechanism to support PrDP, with error depending only on the minimal privacy requirement among records actually present in the dataset. Since directly revealing this minimum may leak information, we introduce a core technique called privacy-specified domain partitioning, which ensures accurate estimation without compromising privacy. We also extend our framework to the local DP setting via a novel technique, privacy-specified query augmentation. Using our framework, we present the first PrDP solutions for fundamental tasks such as count, sum, and maximum estimation. Experimental results show that our mechanisms achieve high utility and significantly outperform existing Personalized DP (PDP) methods, which can be viewed as a special case of PrDP with relaxed privacy protection.