Data Sharing with Endogenous Choices over Differential Privacy Levels

TL;DR

This paper analyzes decentralized data sharing under differential privacy, revealing that fully decentralized mechanisms are inefficient but a simple centralized privacy setting can significantly improve outcomes.

Contribution

It introduces a model of decentralized data sharing with endogenous privacy choices and compares its efficiency to a centralized benchmark, highlighting the benefits of partial decentralization.

Findings

Fully decentralized sharing is highly inefficient in social welfare and accuracy.

A simple centralized privacy level can close the efficiency gap to constant factors.

Different privacy-cost regimes affect the equilibrium and efficiency outcomes.

Abstract

Motivated by the rapid push to decentralize sharing of data, we study whether large-scale data sharing coalitions can form in a decentralized manner under differential privacy when players have heterogeneous privacy preferences. We first consider a fully decentralized data-sharing mechanism in which each player decides whether to participate and how much privacy noise to add locally to their sensitive data before sharing. Privacy choices induce a fundamental trade-off: higher privacy lowers individual privacy costs but reduces data utility and statistical accuracy for the coalition. These choices generate externalities across players, making both participation and privacy levels strategic. Our goal is to understand which coalitions are stable, how privacy choices shape equilibrium outcomes, and how fully decentralized data-sharing compares to a centralized, socially optimal benchmark when the number of players is large. We provide a comprehensive analysis across multiple privacy-cost regimes corresponding to different attack/observation models in differential privacy, showing that full decentralization is highly inefficient in terms of both social welfare and estimator accuracy. Surprisingly, we find that a simple partially decentralized mechanism (where players still retain participation agency, but a central designer chooses a fixed privacy noise level for everyone) closes this efficiency gap down to constant factors across all privacy-cost regimes.