Adaptive Privacy Budgeting

TL;DR

This paper introduces an adaptive privacy budgeting framework under generalized differential privacy, allowing for strategic privacy expenditure based on previous query outputs to enhance utility while maintaining privacy.

Contribution

It proposes a novel adaptive privacy budgeting method that dynamically allocates privacy budgets based on query outputs, improving utility in differential privacy settings.

Findings

Framework enables strategic privacy budget allocation.

Demonstrates improved utility in multiple applications.

Supports generalized differential privacy models.

Abstract

We study the problem of adaptive privacy budgeting under generalized differential privacy. Consider the setting where each user $i\in [n]$ holds a tuple $x_i\in U:=U_1\times \dotsb \times U_T$, where $x_i(l)\in U_l$ represents the $l$-th component of their data. For every $l\in [T]$ (or a subset), an untrusted analyst wishes to compute some $f_l(x_1(l),\dots,x_n(l))$, while respecting the privacy of each user. For many functions $f_l$, data from the users are not all equally important, and there is potential to use the privacy budgets of the users strategically, leading to privacy savings that can be used to improve the utility of later queries. In particular, the budgeting should be adaptive to the outputs of previous queries, so that greater savings can be achieved on more typical instances. In this paper, we provide such an adaptive budgeting framework, with various applications demonstrating its applicability.