Exciting news: our paper “Differential Privacy Configurations in the Real World: A Comparative Analysis” was just accepted to IEEE Transactions on Knowledge and Data Engineering. Another great paper from Michael Khavkin’s Ph.D.!

Preprint is available here.

Differential Privacy (DP) is the gold standard for data anonymization as it provides mathematically provable privacy guarantees for individuals. It’s already used in products from Apple, Microsoft, Google, and even the U.S. Census. It is also the basis of privacy-preserving machine learning.

But how is it actually deployed in the real world? And most importantly, how strong are the privacy guarantees provided to actual users? We conducted the first systematic review of real-world DP deployments (n=140), comparing commercial, governmental, and academic uses.

Our findings show that privacy guarantees (e.g., epsilon ε values) provided in theoretical academic research are rarely matched in commercial and governmental deployments, which adopt much looser guarantees. All sectors show increasing ε values over time, suggesting organizations are relaxing privacy constraints to enable more fine-grained data analysis. This trend raises serious questions about DP’s long-term privacy protection and whether it protects data subjects at all.
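To make concrete what a looser ε means for a data subject, here is an added example (not from the paper or its authors) that computes, for a counting query released with the Laplace mechanism, the noise scale and the worst-case belief an adversary who knows every other record can reach about one person. The ε values and the 50% prior are constructed for illustration and are not taken from the paper's dataset.

```python
import math
import random


def posterior_bound(epsilon, prior=0.5):
    """Upper bound on an adversary's belief that one person is in the data
    after seeing a single epsilon-DP output, starting from `prior`.
    epsilon-DP caps the shift in odds at a factor of e^epsilon."""
    odds = prior / (1.0 - prior) * math.exp(epsilon)
    return odds / (1.0 + odds)


def laplace_count(true_count, epsilon, rng):
    """Release a count (sensitivity 1) with Laplace noise of scale 1/epsilon.
    The difference of two Exp(epsilon) draws is Laplace(0, 1/epsilon).
    Illustrative only: naive floating-point sampling is known to leak,
    so real releases should use a vetted DP library."""
    return true_count + rng.expovariate(epsilon) - rng.expovariate(epsilon)


def mean_abs_error(epsilon, trials=20000, seed=7):
    """Empirical mean absolute error of the released count (expected 1/epsilon)."""
    rng = random.Random(seed)
    total = sum(abs(laplace_count(0, epsilon, rng)) for _ in range(trials))
    return total / trials


def epsilon_report(epsilons, prior=0.5):
    """One row per epsilon: (epsilon, noise scale, worst-case posterior)."""
    return [(e, 1.0 / e, posterior_bound(e, prior)) for e in epsilons]


if __name__ == "__main__":
    # Constructed epsilon values spanning tight to loose configurations.
    print(f"{'epsilon':>8} {'noise scale':>12} {'max posterior':>14}")
    for eps, scale, post in epsilon_report([0.1, 1.0, 4.0, 10.0]):
        print(f"{eps:>8.1f} {scale:>12.2f} {post:>14.4f}")
```

At ε = 0.1 the adversary's belief can move from 50% to at most about 52%, while at ε = 10 the bound is above 99.99%, so the formal guarantee no longer constrains the inference in any practical sense.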

Often, these choices aren’t clearly explained. 59% of academic papers and most commercial deployments provided NO justification for their ε choices. This lack of transparency makes it hard to reproduce results or understand privacy guarantees.

We propose standardized ways to frame and report on DP configuration processes and suggest a framework for an “Epsilon Registry”, a public database of DP implementations to guide applications, inform regulators, and improve transparency to users. Our main point is that #DifferentialPrivacy is pretty great because it allows informed discussions of privacy guarantees, but configuring them is not just a technical choice, it’s a major policy decision with direct implications for user trust, fairness, and transparency.