A Novel Approach to Data Privacy: Differential Privacy

Businesses are becoming more data-driven; this has become a necessary condition every business needs to fulfill in the age of Big Data in order to remain competitive within a given market. Well-structured large-scale consumer and enterprise-level datasets are paramount to corporate success. Such data provides valuable insights into consumer market dynamics and behavior as well as supply chain management, digital marketing practices, public relations, and human resources

However, this data often contains sensitive information. Whether it entails maintaining the privacy of consumers through anonymization methods or simply reducing the risk of cybersecurity breaches for corporations, data privacy plays a vital role in the modern business model. 

Moreover, seeing as regulatory frameworks such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are now regularly implemented and revised, businesses need to find unique solutions to maintaining data privacy to avoid colossal fines and damage to their public image. These solutions need to resist dataset de-anonymization attempts such as Linkage Attacks, which cross correlate anonymized datasets with one another to determine the identity of specific individuals by using indicatory factors such as race, ethnicity, gender, income, IP address, and location (to name a few). 

The advent of differential privacy, as a data anonymization method, has given businesses the tools they need to lay the groundwork for a corporate environment that intrinsically values data privacy. Additionally, differential privacy allows organizations to develop quantifiable metrics that reflect their levels of data privacy; this builds a platform that can withstand both internal and external scrutiny

Throughout this article, I will discuss the structure and function of differential privacy, the benefits it yields with respect to regulatory compliance, the strengths and weaknesses of a quantifiable metric for data privacy, and how it compares to other existing anonymization methods within the Big Data landscape. 

How Does it Work?

First of all, it is important to note that differential privacy is only useful in cases in which the ultimate goal is aggregate statistical analysisthis means that this method is restricted to application in large-scale datasets. I will discuss this point further in the ‘quantifying privacy’ section. 

Differential privacy measures the degree of privacy lost, or ε (epsilon) when a dataset is randomized or has noise added to it. The value of ε is dictated by the relationship between data privacy and potential data use – the lower the value of ε, the more privacy is retained, however, this also means the overall business utility of the dataset is compromised due to a decrease in accuracy. On the other hand, a high value of ε reflects the inverse variation of this phenomenon. 

Let us consider an example: you have a large-scale dataset obtained from a consumer questionnaire that contains individual information regarding gender. Using a differential privacy approach, you would apply a randomization algorithm to this dataset that manipulates the answers of individual respondents to a certain degree (this degree is established by what value of ε you wish to obtain) – if one respondent claimed they were ‘male’, the algorithm might switch this answer to ‘female’. This provides the consumer with plausible deniability with respect to their data since only they know the real answer they provided. 

Moreover, this anonymization process allows enterprises to monetize potentially sensitive consumer data without infringing upon consumers’ rights to privacy, insofar as the value of ε is sufficiently low. Importantly, differential privacy is versatile – it can be used on individual data prior to database centralization in addition to raw, unstructured data obtained at scale. The former is known as local differential privacy while the latter is global differential privacy

Finally, differential privacy, while it does not necessarily reduce the risk of cybersecurity breaches, can meaningfully mediate it. If a hacker gains access to a large-scale dataset that holds sensitive consumer information, insofar as it has been sufficiently randomized, it will be extremely difficult for the hacker to determine whether the dataset has any overall utility. Since it is likely that hackers will also use individual data points for the purposes of various kinds of exploitation, datasets that have been restructured under differential privacy make the task of pinpointing individualized information volatile. 

Compliance with Data Regulation 

Compliance with regulatory frameworks, especially as they become more prevalent, is a difficult but highly important task for businesses – those enterprises that do not comply could be subject to civil lawsuits and severe financial penalties

Privacy breaches or regulatory infringements can result in extremely costly fines – the CCPA can charge up to $7500 in civil penalties per violation or infringement while the GDPR can produce far more severe consequences – under this latter framework, Amazon was fined a remarkable $877 million just last year, while other major tech corporations like WhatsApp and Google Ireland also received penalties in the hundreds of millions. 

Moreover, when such penalties occur, they damage the reputation of an organization and also reduce the level of trust consumers place in their services. While it is unlikely that consumers will abandon digital services of convenience any time soon, especially those provided by major tech companies like Google, Amazon, Facebook, and WhatsApp, which are all deeply embedded in the digital landscape, said companies could still see a decrease in growth and overall revenue. Moreover, regulatory infringements reflect poorly on the company culture and mission; this could feasibly reduce the amount of highly-skilled professionals who wish to work within a particular industry or organization. 

Differential privacy does not conclusively solve the issue of data compliance and regulation at the enterprise level. However, it does provide an avenue that organizations can follow, especially those working with Big Data, to maintain the accuracy of their datasets without compromising consumer or corporate privacy. Finally, given that differential privacy uses randomization to anonymize datasets, it is virtually impossible to reverse engineer datasets to their original structure. This leads to a given dataset being more robust and secure. 

Quantifying Privacy 

There are two primary issues with quantifying privacy: 1) there is no predetermined threshold for what an ‘acceptable’ value of ε is, and 2) differential privacy can only be quantified at an aggregate scale – small or individualized datasets cannot be anonymized in this way because they lose all utility. 

The first issue warrants serious consideration. For instance, in statistics, a p-value is used to determine whether or not a given hypothesis is valid in comparison with observed data. The lower the p-value, the greater the likelihood that your hypothesis is not only correct but distinct (not a random answer that happens to conform to reality). As such, any p-value less than .05 is typically considered statistically relevant – if I discover a strong correlation between age and gender with respect to their effects on the likelihood to develop autoimmune disease, and obtain a p-value of .01, then the relationship I have uncovered is valid (notwithstanding my sample size and dataset quality). The p-value provides us with an evaluative tool that allows us to scrutinize all empirical research, regardless of domain or industry. 

Unfortunately, there is no agreed-upon standard for what the minimum or maximum threshold value of ε should be. Moreover, seeing as differential privacy is a relatively new concept, it has not yet been adequately integrated into regulatory frameworks, which could have a bearing on threshold value if it were informed by academic and government research. As an effect, it is mostly up to companies to self-regulate and establish industry standards, although we would be naive to assume that these standards would prioritize privacy over data utility. After all, the ultimate goal of a business is to generate profit. 

On the other hand, while major tech corporations may be able to implement differential privacy due to the scale of the data they use, smaller businesses and enterprises that obtain more individualized datasets will have to novel or existing approaches to anonymization methods. For example, smaller organizations still have to anticipate and deal with the risks posed by Linkage Attacks as well as their abilities to comply with regulatory frameworks. Overcoming these challenges, if they cannot obtain large-scale datasets, will hinder business expansion severely, possibly to a point where all market advantage is lost. 

Why is Differential Privacy a better option than other Data Privacy Approaches?

Current data privacy approaches involve a variety of methodologies:

  • Pseudoanonymization
  • Restricting access to certain individuals/entities 
  • Sophisticated Encryption using tools like the block cipher Advance Encryption Standard (AES) or the Triple Data Encryption Algorithm (DES)
  • The assessment of risk associated with specific datasets – the more sensitive data is, the higher risk it poses
  • Incorporating built-in fail-safes that destroy or backup all data 

While some of these methods are highly secure (e.g. AES has yet to be cracked), data breaches are nonetheless a possibility, regardless of whether an organization has adopted a sophisticated data infrastructure, encryption techniques, or collaborative multi-cloud platforms. Differential privacy allows organizations to take on a novel perspective; this perspective does not require that data be intrinsically protected, but rather, manipulated to a point where it retains its utility without risking the exposure of sensitive information. 

Moreover, the advent of differential privacy has also inspired new and more secure approaches to the generation of synthetic datadata that is artificially generated with the purpose of representing the statistical properties of an original dataset without identifying real people. The main risk associated with synthetic data is the possibility of reverse engineering whereby the original identities of those contained in the dataset are revealed. 

In fact, a group of researchers recently developed a model for synthetic data generation that employs paradigmatic functions of differential privacy in an autoregressive model. From their point of view, while the model does not yet produce optimal results, it can be easily implemented and customized; the code is also open-source. If businesses wish to streamline their data privacy practices, increase their abilities for regulatory compliance, mediate the risk of cybersecurity breaches, and ensure their reputations remain intact, they might begin by employing this kind of technology for data privacy and protection. 

Contributor

Sasha is currently pursuing an MSc in Bioethics at King’s College, London. Prior to engaging in his current studies, Sasha was a Division 1 Ski Racer at Bates College, where he graduated with a Bachelor’s in Cognitive Psychology and Classical Philosophy. He is deeply interested in applied ethics, specifically with respect to AI-driven exponential technologies and how they might one day affect humanity

About Sasha Cadariu

Sasha is currently pursuing an MSc in Bioethics at King’s College, London. Prior to engaging in his current studies, Sasha was a Division 1 Ski Racer at Bates College, where he graduated with a Bachelor’s in Cognitive Psychology and Classical Philosophy. He is deeply interested in applied ethics, specifically with respect to AI-driven exponential technologies and how they might one day affect humanity

View all posts by Sasha Cadariu →