Lessons Learned: Surveying the Practicality of Differential Privacy in the Industry

Authors: Gonzalo Munilla Garrido, Xiaoyuan Liu, Florian Matthes, Dawn Xiaodong Song
Since its introduction in 2006, differential privacy has emerged as a predominant statistical tool for quantifying data privacy in academic works. Yet despite the plethora of research and open-source utilities that have accompanied its rise, with limited exceptions, differential privacy has failed to achieve widespread adoption in the enterprise domain. Our study aims to shed light on the fundamental causes underlying this academic-industrial utilization gap through detailed interviews of 24…




Issues Encountered Deploying Differential Privacy

The U.S. Census Bureau has encountered many challenges in attempting to transition differential privacy from the academy to practice, including obtaining qualified personnel and a suitable computing environment, the difficulty accounting for all uses of the confidential data, and the lack of release mechanisms that align with the needs of data users.

Exploring Privacy-Accuracy Tradeoffs using DPComp

DPComp is presented, a publicly-accessible web-based system, designed to support a broad community of users, including data analysts, privacy researchers, and data owners, that can use DPComp to assess the accuracy of state-of-the-art privacy algorithms and interactively explore algorithm output in order to understand the error introduced by the algorithms.

Visualizing Privacy-Utility Trade-Offs in Differentially Private Data Releases

Visualizing Privacy (ViP) is presented, an interactive interface that visualizes relationships between ε, accuracy, and disclosure risk to support setting and splitting ε among queries, and has an inference setting, allowing a user to reason about the impact of DP noise on statistical inferences.


It is shown that there are nuances to how definitions of “privacy” and “utility” can differ from each other, nuances that matter for why a definition that is appropriate in one context may not be appropriate in another.

PriPeARL: A Framework for Privacy-Preserving Analytics and Reporting at LinkedIn

PriPeARL, a framework for privacy-preserving analytics and reporting, inspired by differential privacy, is presented, describing the overall design and architecture, and the key modeling components, focusing on the unique challenges associated with privacy, coverage, utility, and consistency.

Decision Support for Sharing Data using Differential Privacy

This paper describes a differential privacy parameter selection procedure that minimizes what lay data owners need to know, and a user visualization and workflow that makes this procedure available to lay data owners by helping them set the level of noise appropriately to achieve a tolerable risk level.
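The ε-accuracy relationship that ViP visualizes and the noise-level selection that this decision-support workflow automates, as an added Python example (not code from either paper, nor from the survey above): it implements the Laplace mechanism for counting queries with sensitivity Δ = 1, splits a total ε across several queries by basic sequential composition, and derives the (α, β) accuracy bound α = (Δ/ε)·ln(1/β) from the Laplace tail, which is the quantity a "tolerable risk level" dialog has to expose to the data owner. The toy rows, query predicates, budget weights and all function names are constructed for this example.

```python
import math
import random
from typing import Callable, Dict, List, Sequence

# Constructed toy table: one row per person with two binary attributes.
# A real deployment reads this from the confidential store; here it is inline.
ROWS: List[Dict[str, int]] = [
    {"smoker": s, "over_50": o}
    for s, o in [(1, 0), (0, 1), (1, 1), (1, 0), (0, 0), (0, 1), (1, 1), (0, 0),
                 (1, 0), (1, 1), (0, 0), (0, 1), (0, 0), (1, 1), (1, 0), (0, 0),
                 (1, 1), (0, 1), (0, 0), (1, 0)]
]


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse CDF: X = -b*sgn(u)*ln(1 - 2|u|), u ~ U(-1/2, 1/2).
    Caveat: naive floating-point Laplace sampling leaks through low-order bits
    (Mironov, CCS 2012); production mechanisms use snapping or integer noise."""
    u = rng.random() - 0.5
    while u == -0.5:          # random() can return 0.0; avoid log(0)
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def split_budget(total_epsilon: float, weights: Sequence[float]) -> List[float]:
    """Basic sequential composition: per-query epsilons that sum to total_epsilon,
    proportional to the analyst's weights (more budget -> less noise on that query)."""
    if total_epsilon <= 0 or any(w <= 0 for w in weights):
        raise ValueError("epsilon and weights must be positive")
    s = float(sum(weights))
    return [total_epsilon * w / s for w in weights]


def accuracy_bound(sensitivity: float, epsilon: float, beta: float) -> float:
    """Smallest alpha with P(|Laplace(sensitivity/epsilon)| > alpha) <= beta.
    The Laplace tail is exp(-alpha*epsilon/sensitivity), so alpha = (Δ/ε)·ln(1/β)."""
    return (sensitivity / epsilon) * math.log(1.0 / beta)


def dp_count(rows: Sequence[Dict[str, int]], predicate: Callable[[Dict[str, int]], bool],
             epsilon: float, rng: random.Random, sensitivity: float = 1.0) -> float:
    """ε-DP count: adding or removing one row changes a count by at most 1 (Δ = 1)."""
    true_count = sum(1 for r in rows if predicate(r))
    return true_count + laplace_noise(sensitivity / epsilon, rng)


def plan_queries(total_epsilon: float, weights: Sequence[float], beta: float,
                 sensitivity: float = 1.0) -> List[Dict[str, float]]:
    """Decision-support table: per-query ε and the error α that holds with prob. 1-β."""
    eps = split_budget(total_epsilon, weights)
    return [{"epsilon": e, "alpha": accuracy_bound(sensitivity, e, beta)} for e in eps]


def empirical_coverage(sensitivity: float, epsilon: float, beta: float,
                       trials: int = 20000, seed: int = 7) -> float:
    """Fraction of noise draws inside the bound; should come out near 1 - beta."""
    rng = random.Random(seed)
    alpha = accuracy_bound(sensitivity, epsilon, beta)
    scale = sensitivity / epsilon
    inside = sum(1 for _ in range(trials) if abs(laplace_noise(scale, rng)) <= alpha)
    return inside / trials


if __name__ == "__main__":
    rng = random.Random(2024)
    queries = {
        "smokers": lambda r: r["smoker"] == 1,
        "over_50": lambda r: r["over_50"] == 1,
        "smokers_over_50": lambda r: r["smoker"] == 1 and r["over_50"] == 1,
    }
    # Give the joint count twice the budget: the analyst cares most about it.
    plan = plan_queries(total_epsilon=1.0, weights=[1, 1, 2], beta=0.05)
    for (name, pred), p in zip(queries.items(), plan):
        noisy = dp_count(ROWS, pred, p["epsilon"], rng)
        print(f"{name:16s} ε={p['epsilon']:.3f}  |error|≤{p['alpha']:.2f} w.p. 0.95  "
              f"noisy={noisy:.2f}")
    print("empirical coverage at ε=0.5, β=0.05:", empirical_coverage(1.0, 0.5, 0.05))
```

The table that `plan_queries` returns is the core of the "tolerable risk" dialog: the owner picks β (how often the error may exceed the bound) and a total ε, and sees per query how large the error can be; reallocating weights moves accuracy between queries without spending more budget. Only whole-table ε is privacy-relevant; basic composition is loose, so advanced or Rényi composition accounting would give a tighter total for the same per-query noise.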

Synthetic Differential Privacy Data Generation for Revealing Bias Modelling Risks

  • Matthew Wilchek, Yingjie Wang
  • Computer Science
    2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)
  • 2021
This analysis proposes a novel method to generate synthetic, differential privacy data while avoiding the common pitfalls and capable of being leveraged broadly and shows how this novel approach can maintain inference for modeling and potential risks tied to PII features.

Towards Practical Differential Privacy for SQL Queries

It is proved that elastic sensitivity is an upper bound on local sensitivity and can therefore be used to enforce differential privacy using any local sensitivity-based mechanism, and FLEX is built, a practical end-to-end system for enforcing differential privacy for SQL queries using elastic sensitivity.

A Programming Framework for Differential Privacy with Accuracy Concentration Bounds

The distinguishing feature of DPella is a novel component which statically tracks the accuracy of different data analyses, which leverages taint analysis for automatically inferring statistical independence of the different noise quantities added for guaranteeing privacy.

The Users' Perspective on the Privacy-Utility Trade-offs in Health Recommender Systems