Limits of Personalizing Differential Privacy Budgets

TL;DR

This paper investigates the limitations of personalized privacy budgets in differential privacy, showing that simple thresholding can often outperform fully personalized mechanisms in mean estimation tasks.

Contribution

It demonstrates that effective privacy budget selection via thresholding is nearly as good as full personalization, providing precise bounds and regimes of maximal gain.

Findings

Thresholding achieves near-optimal utility compared to full personalization.

Personalization offers limited gains in mixed and multi-level privacy settings.

Upper bounds and regimes of maximal gain are established for various privacy requirements.

Abstract

A key technical difficulty in differential privacy is selecting a privacy budget that satisfies privacy requirements while maximizing utility. A natural and well-studied workaround is to use personalized privacy budgets, which may differ across agents. In this paper, we show that personalized budgets come with major limitations and that for mean estimation, the dominant factor is not full personalization, but rather choosing the right effective privacy budget. This can be achieved through a simple thresholding operator that we describe. Compared with this thresholding baseline, the gains obtained by fully personalized mechanisms are limited. In particular, we precisely quantify the constant-factor improvement in settings with mixed private and public datasets and in private datasets with two levels of privacy requirements. We also establish upper bounds and identify regimes of maximal gain for arbitrary privacy requirements.