Differential privacy revolutionizes the way we think about statistical disclosure limitation. A distinctive feature of differential privacy is that the probabilistic mechanism with which the data are privatized can be made public without compromising the privacy guarantee. In a technical treatment, this paper establishes the necessity of transparent privacy for drawing unbiased statistical inference for a wide range of scientific questions. Uncertainty due to privacy may be conceived as a dynamic and controllable component from the total survey error perspective. Mandated invariants constitute a threat to transparency when imposed on the privatized data product through "post-processing", resulting in limited statistical usability. Transparent privacy presents a viable path toward principled inference from privatized data releases, and shows great promise for improved reproducibility, accountability and public trust in modern data curation.
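The abstract's two claims, that a public mechanism lets the analyst account for privacy noise exactly, and that invariants enforced by post-processing spoil this, can be made concrete with a toy release. The following is an added example, not code from the paper: it privatizes a constructed histogram with the Laplace mechanism (scale b = sensitivity / epsilon, assumed public), shows that the noise variance of any total is then computable in closed form, and shows that clipping negative releases to zero (a hypothetical nonnegativity invariant) biases every small cell upward by (b/2) exp(-x/b), a bias the analyst cannot remove from the released numbers alone. The histogram values, epsilon and function names are assumptions for illustration.

```python
import math
import random

# Constructed toy release: a histogram of counts privatized with the Laplace
# mechanism. Nothing here is from the paper; the numbers are illustrative.


def laplace_scale(sensitivity, epsilon):
    """Scale b of the Laplace mechanism. Under transparent privacy b is public."""
    return sensitivity / epsilon


def laplace_mechanism(true_counts, sensitivity, epsilon, rng):
    """Release each count plus Laplace(0, b) noise.

    Laplace(0, b) is the difference of two independent Exp(mean b) draws,
    which is what random.expovariate(1/b) produces.
    """
    b = laplace_scale(sensitivity, epsilon)
    return [c + rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)
            for c in true_counts]


def privacy_variance(num_cells, sensitivity, epsilon):
    """Variance that privacy noise adds to a total over num_cells cells.

    Each cell carries independent Laplace(0, b) noise with variance 2 b^2, so
    the total's privacy variance is num_cells * 2 b^2. Because the mechanism
    is public, this term enters the total survey error budget exactly.
    """
    b = laplace_scale(sensitivity, epsilon)
    return num_cells * 2.0 * b * b


def clip_nonnegative(release):
    """'Post-processing' that enforces a hypothetical nonnegativity invariant."""
    return [max(0.0, v) for v in release]


def clipping_bias(true_count, b):
    """Closed-form bias E[max(0, x + L)] - x for x >= 0 and L ~ Laplace(0, b).

    Writing max(0, y) = y + max(0, -y) and integrating the Laplace tail below
    -x gives E[max(0, -(x + L))] = (b / 2) * exp(-x / b).
    """
    return 0.5 * b * math.exp(-true_count / b)


def simulate(true_counts, sensitivity, epsilon, n_reps, seed=0):
    """Average the raw and the clipped total over many independent releases.

    The raw total is unbiased and its variance is privacy_variance(...) on top
    of any sampling variance; the clipped total is biased upward by the sum of
    clipping_bias over the cells.
    """
    rng = random.Random(seed)
    raw_sum = 0.0
    clipped_sum = 0.0
    for _ in range(n_reps):
        release = laplace_mechanism(true_counts, sensitivity, epsilon, rng)
        raw_sum += sum(release)
        clipped_sum += sum(clip_nonnegative(release))
    return {
        "true_total": float(sum(true_counts)),
        "raw_mean_total": raw_sum / n_reps,
        "clipped_mean_total": clipped_sum / n_reps,
    }


if __name__ == "__main__":
    counts = [0, 1, 3, 50]      # constructed histogram, two nearly empty cells
    sensitivity, epsilon = 1.0, 0.5  # b = 2, assumed public
    b = laplace_scale(sensitivity, epsilon)
    print("privacy variance of the total:",
          privacy_variance(len(counts), sensitivity, epsilon))
    print("expected clipping bias of the total:",
          sum(clipping_bias(c, b) for c in counts))
    print(simulate(counts, sensitivity, epsilon, n_reps=20000))
```

With b = 2 the raw total averages to the true 54 and carries a known privacy variance of 32, while the clipped total sits about 1.8 above the truth (1.0 from the empty cell, 0.61 from the cell of 1, 0.22 from the cell of 3). An analyst who only receives the clipped table and the value of b can still bound the bias, but cannot remove it without the cell-level truth, which is exactly what the release withholds.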