There is a growing trend regarding perceiving personal data as a commodity. Existing studies have built frameworks and theories about how to determine an arbitrage-free price of a given query according to the privacy loss quantified by differential privacy. However, those previous works have assumed that data buyers can purchase query answers with the arbitrary privacy loss of data owners, which may not be valid under strict privacy regulations such as GDPR and the increasing privacy concerns of data owners. In this paper, we study how to empower data owners with the control of privacy loss in regard to data trading. First, we propose a modularized framework for trading personal data that enables each data owner to bound her personalized privacy loss from data trading. Second, since bounded privacy losses indicate bounded utilities of query answers, we propose a reasonable relaxation of arbitrage freeness named partial arbitrage freeness, i.e., the guarantee of arbitrage-free pricing only for a limited range of utilities, which provides more possibilities for our market design. Third, to avoid arbitrage behaviors, we propose a general method for ensuring arbitrage freeness under personalized differential privacy. Fourth, to make full use of data owners' personalized privacy loss bounds, we propose online privacy budget allocation techniques to dynamically allocate privacy losses for queries under arbitrage freeness.
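As an added illustration (not code from the paper or its authors), the toy market below makes two of the abstract's notions concrete. First, it checks whether a candidate price function of the privacy loss ε is arbitrage-free, assuming the standard sequential-composition rule of differential privacy (answering the same query twice with ε1 and ε2 costs the owner ε1 + ε2), under which a buyer could assemble an expensive answer from cheaper pieces unless the price is non-decreasing and subadditive. Second, it keeps a per-owner ledger so that each owner's cumulative privacy loss never exceeds her personalized bound; the bound that is closest to exhaustion caps the utility (ε) that any further query can be sold at, which is the "limited range of utilities" over which pricing remains meaningful. The owner names, bounds, price functions and the first-come-first-served allocation are constructed for this example; the paper's own partial-arbitrage-freeness definition and online allocation techniques are not reproduced here.

```python
"""Added toy example of a personal-data market with arbitrage-freeness
checking and personalized privacy-budget bounds. Not the paper's code."""


# --- (1) Arbitrage-freeness of a price function p(eps) -----------------------
# Assumption: sequential composition, so two purchases with eps1 and eps2 on
# the same query give the buyer an answer worth eps1 + eps2 of privacy loss.
# Arbitrage-free therefore requires p non-decreasing and subadditive:
#     p(eps1 + eps2) <= p(eps1) + p(eps2).

def is_arbitrage_free(price, eps_grid, tol=1e-9):
    """Brute-force check of monotonicity and subadditivity on a grid of eps."""
    grid = sorted(eps_grid)
    for lo, hi in zip(grid, grid[1:]):
        if price(hi) < price(lo) - tol:          # price must not fall as eps grows
            return False
    for e1 in grid:
        for e2 in grid:
            if price(e1 + e2) > price(e1) + price(e2) + tol:
                return False                     # cheaper to buy in pieces
    return True


def linear_price(eps):
    """p(eps) = 10 * eps (constructed): subadditive, hence arbitrage-free."""
    return 10.0 * eps


def quadratic_price(eps):
    """p(eps) = 10 * eps^2 (constructed): two half-size buys undercut one buy."""
    return 10.0 * eps ** 2


# --- (2) Personalized privacy-loss bounds per data owner ----------------------

class Owner:
    """A data owner with a personalized bound on total privacy loss."""

    def __init__(self, name, bound):
        self.name, self.bound, self.spent = name, bound, 0.0

    def remaining(self):
        return self.bound - self.spent


class Market:
    """Sells query answers at utility eps; every query touches every owner."""

    def __init__(self, owners, price):
        self.owners = {o.name: o for o in owners}
        self.price = price
        self.ledger = []                         # (buyer, eps, cost) records

    def max_utility(self):
        """Largest eps still sellable: the smallest remaining budget."""
        return min(o.remaining() for o in self.owners.values())

    def buy(self, buyer, eps):
        """First-come-first-served allocation (assumed, not the paper's scheme).
        Returns the charged cost, or None when the query would push some
        owner past her bound."""
        if eps <= 0 or eps > self.max_utility() + 1e-12:
            return None
        cost = self.price(eps)
        for o in self.owners.values():
            o.spent += eps                       # composition: losses add up
        self.ledger.append((buyer, eps, cost))
        return cost


if __name__ == "__main__":
    grid = [0.1 * i for i in range(1, 11)]
    print("linear arbitrage-free:   ", is_arbitrage_free(linear_price, grid))
    print("quadratic arbitrage-free:", is_arbitrage_free(quadratic_price, grid))
    m = Market([Owner("alice", 1.0), Owner("bob", 0.5)], linear_price)
    print("sellable utility:", m.max_utility())
    print("buy eps=0.3 ->", m.buy("buyer1", 0.3))
    print("buy eps=0.3 ->", m.buy("buyer2", 0.3), "(bob's bound would be exceeded)")
    print("buy eps=0.2 ->", m.buy("buyer2", 0.2))
```

The quadratic price fails because a buyer wanting utility ε = 0.2 pays 0.4 for one purchase but only 0.1 + 0.1 for two purchases of ε = 0.1 that compose to the same loss. The ledger shows why bounded personalized losses bound utility: once Bob has only 0.2 of his budget left, no query with ε above 0.2 can be sold, regardless of Alice's remaining budget.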