Chapter 7. Eyes on the Privacy Unit

Your choice of privacy unit is at least as important as the choice of privacy loss parameters themselves. The privacy unit governs what you are protecting, which directly affects the strength of the privacy guarantee. Privacy units in real-world deployments often contain some nuance; they may not correspond to individuals, and this obscures the interpretation of the privacy guarantee.

In addition, you must be able to identify the privacy unit of your data set before you can even begin to chain together stable transformations and private mechanisms. Unfortunately, you have not yet been given the necessary tools to characterize the privacy unit on a very common class of real-world data sets: data with unbounded user contributions.

These are the two primary motifs in this chapter—helping you understand the implications of your choice of privacy unit and providing you with more tools to characterize your privacy unit. It is your responsibility, as a practitioner of differential privacy, to correctly characterize the unit of privacy in your DP analyses and to choose units of privacy that will give meaningful privacy guarantees.

This chapter will present you with scenarios where you will need to define the unit of privacy. Although the scenarios are illustrative, the projects presented here share similar characteristics to important data releases that are currently being conducted in the technology space. One example of such a data release is happening ...

Get Hands-On Differential Privacy now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.