Adobe Experience Platform

What is Differential Privacy?

The key idea behind differential privacy is to ensure that the results of any analysis or query on a dataset remain almost identical, whether or not an individual's data is included. This means that no end user can "difference" two snapshots of the dataset and deduce who the individuals are. By maintaining this consistency, differential privacy prevents anyone from inferring significant details about any specific person, even if they are aware that person’s data is part of the dataset.

Consider a database that tracks whether people have a particular medical condition. A simple query might ask, "How many people in the dataset have the condition?" Suppose the true count is 100. Now, imagine that a new person with the condition is added, increasing the count to 101. As the data scientist, you know that your neighbor has been very ill and that there is only one medical care provider nearby. Without differential privacy, this information could allow you to deduce that your neighbor is included in the dataset.

To prevent this, we can add a small amount of random noise before revealing the count. Instead of reporting exactly 100, we might reveal 102 or 99. If someone joins or leaves the dataset, the count could shift to 103 or 100, for instance. This noise ensures that the presence or absence of any individual doesn't significantly impact the result.

In this way, you, as the data scientist, cannot confidently determine whether a specific person is part of the dataset based on the output. And that is a good thing - the individual's privacy is protected, as their contribution is "hidden" within the noise.

The Privacy vs. Utility Tradeoff Dilemma

The key idea in adding noise to ensure differential privacy is to balance two competing objectives:

• Privacy: Protecting individuals’ data by making it difficult to infer whether a particular individual is in the dataset.
• Utility: Ensuring that the analysis results remain useful and accurate for personalization despite the noise

The tradeoffs are:

• High Privacy → Lower Utility: When you add a lot of noise to data to protect privacy, the accuracy and reliability of the data and hence your personalization decrease
• High Utility → Lower Privacy: On the other hand, if you reduce the noise to increase the accuracy (utility) of the data i.e. the personalization, the dataset becomes more representative of the actual individuals, which increases the risk of identifying someone.

Two Key Variables for Privacy: Sensitivity and Noise

In differential privacy, sensitivity (denoted as Δf) refers to how much the result of a query could change if a single individual's data is added or removed. It's not about the variability of the data itself, but about the potential impact any individual’s presence can have on the output. The higher the sensitivity, the greater the change an individual’s data can introduce to the result.

Let’s revisit the example of the medical condition dataset. If the condition can only have one of two values (e.g., "has the condition" or "does not"), it means the data has low sensitivity—since adding or removing one person will change the count by at most 1. However, this low sensitivity makes it easier for someone, like a data scientist, to start guessing which of their neighbors is in the dataset by correlating other fields, like treatments or appointment times.

Even though the sensitivity is low (since the result can only change by a small amount), the signal is strong because there is limited variation in the data. This means the individual’s presence becomes easier to detect, which can compromise privacy. To protect against this, we need to compensate by adding carefully calibrated noise. The amount of noise depends on the sensitivity: low sensitivity may require less noise, but it’s still essential to add enough to prevent any inference about specific individuals based on the dataset’s output. The amount of noise added is determined by a key privacy parameter known as epsilon (𝜀).

This balance between sensitivity and noise ensures that the final result provides useful insights while protecting the privacy of individuals.

In practice, you must choose an appropriate value for epsilon (𝜀) based on your specific needs and risk tolerance. Higher epsilon values might be suitable when the accuracy of data is critical (e.g., scientific research use cases), while lower epsilon values would be more appropriate in sensitive applications where privacy is the top priority (e.g., health data).

Read the Tutorial

The link is here.