Privacy is essential in data trading markets. This work uses a mechanism design approach to study the data buyer's optimal data market model with differential privacy. Motivated by the discovery of individuals' dual motives for privacy protection, we consider that each data owner privately possesses an intrinsic motive and an instrumental motive. We study optimal market design in a dynamic environment by determining the privacy assignment rule, which specifies the privacy protection at each data usage, and the payment rules, which compensate for the privacy loss, when the owners' instrumental motive is endogenously dynamic due to the buyer's dynamic activities. Due to the privacy-utility tradeoff of differential privacy, privacy loss is inevitable when data is traded with privacy protection. To mitigate the risk of uncertainties, we allow the owners to leave the market at an optimal stopping time if the accumulated privacy loss exceeds their privacy budgets, which depend on their intrinsic motives. In order to influence the data owners' stopping decisions, the data buyer uses a stopping payment rule that is independent of the data owners' preferences and specifies a monetary transfer to a data owner only in the period at the end of which he decides to stop. We introduce the notion of dynamic incentive compatibility to capture joint deviations from optimal stopping and truthful reporting. Under a monotonicity assumption about the dynamics, the optimal stopping rule can be formulated as a threshold-based rule. A design principle is provided by a sufficient condition for dynamic incentive compatibility. We relax the buyer's optimal market design by characterizing the monetary transfer rules in terms of the privacy assignment rules and the threshold functions. To address the analytical intractability, we provide a sufficient condition for a relaxed dynamic incentive-compatible model.