Realisation-Level Privacy Filtering

TL;DR

This paper introduces a realisation-level filtering method for differentially private data release, enabling more refined privacy accounting and improved utility over traditional worst-case approaches.

Contribution

It proposes a novel realisation-level filtering approach for stopping data releases, guaranteeing differential privacy and applicable to arbitrary mechanisms.

Findings

The filter guarantees $(psilon, elta)$-differential privacy.

Numerical evidence shows improved utility over mechanism-level methods.

The approach applies to mechanisms that are poorly behaved under Re9nyi differential privacy.

Abstract

We study differentially private data release, where a database is accessed through successive, possibly adaptive queries and mechanisms. Existing composition theorems and privacy filters combine worst case per-round privacy parameters, leaving room for more refined accounting based on realised leakage, which we term realisation-level accounting. We propose a realisation-level filtering approach to determine stopping times for data releases, and design one such filter. Despite technical challenges arising from conditioning on realisations and stopping time, we prove that the filter guarantees $(\epsilon, \delta)$-differential privacy, with $\epsilon$ and $\delta$ chosen by the data handler. Through numerical evidence, we demonstrate that realisation-level filtering provides a path to better utility beyond mechanism-level methods. Furthermore, our proposed filter applies to arbitrary mechanisms, including those that are badly behaved under R\'enyi differential privacy.