"Am I Private and If So, how Many?" - Communicating Privacy Guarantees of Differential Privacy with Risk Communication Formats

by Daniel Franzen et al.

Decisions about sharing personal information are not trivial, since there are many legitimate and important purposes for such data collection, but the collected data can often reveal sensitive information about individuals. Privacy-preserving technologies, such as differential privacy (DP), can be employed to protect the privacy of individuals and, furthermore, provide mathematically sound guarantees on the maximum privacy risk. However, they can only support informed privacy decisions if individuals understand the provided privacy guarantees. This article proposes a novel approach for communicating privacy guarantees to support individuals in their privacy decisions when sharing data. For this, we adopt risk communication formats from the medical domain in conjunction with a model for the privacy guarantees of DP to create quantitative privacy risk notifications. We conducted a crowd-sourced study with 343 participants to evaluate how well our notifications conveyed the privacy risk information and how confident participants were about their own understanding of the privacy risk. Our findings suggest that these new notifications communicate the objective information about as well as the currently used qualitative notifications, but leave individuals less confident in their understanding. We also discovered that several of our notifications, as well as the currently used qualitative notification, disadvantage individuals with low numeracy: these individuals appear overconfident compared to their actual understanding of the associated privacy risks and are therefore less likely to seek the additional information needed before making an informed decision. The promising results allow for multiple directions in future research, for example adding visual aids or tailoring privacy risk communication to characteristics of the individuals.
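The abstract does not reproduce the paper's notification wording or its exact DP risk model. The following is an added illustration, not the authors' code, of the general idea: turning an epsilon-DP guarantee into a "k out of N people" statement of the kind used in medical risk communication. It uses the standard Bayesian reading of pure epsilon-DP (for every output, the ratio of output probabilities on neighbouring datasets is at most e^epsilon, so an adversary's posterior odds about one individual can grow by at most that factor over the prior odds). The adversary prior, the denominator of 1000 and the sentence templates are assumptions made for the example; delta is ignored, i.e. the bound holds for pure epsilon-DP only.

```python
"""Added example: translating an epsilon-DP guarantee into a natural-frequency
risk notification. Illustrative only; the prior, wording and denominator are
assumptions, not the paper's validated formats."""
import math


def worst_case_posterior(prior: float, epsilon: float) -> float:
    """Upper bound on an adversary's belief that a given person has the
    sensitive attribute after observing the output of an epsilon-DP mechanism.

    Pure epsilon-DP gives Pr[M(D)=o] <= e^eps * Pr[M(D')=o] for neighbouring
    D, D' and every output o. By Bayes' rule the posterior odds are therefore
    at most e^eps times the prior odds, which in probability terms is
        post <= e^eps * p / (1 + (e^eps - 1) * p).
    The bound is worst-case over all outputs, so it is what a "maximum
    privacy risk" notification should be based on.
    """
    if not 0.0 <= prior <= 1.0:
        raise ValueError("prior must be a probability in [0, 1]")
    if epsilon < 0.0:
        raise ValueError("epsilon must be non-negative")
    b = math.exp(epsilon)
    return b * prior / (1.0 + (b - 1.0) * prior)


def natural_frequency(prob: float, denominator: int = 1000) -> int:
    """Express a probability as 'k out of denominator' (rounded to nearest).

    Natural frequencies with a fixed reference class are one of the
    medical-domain formats that are easier to read than percentages or
    odds ratios, which is why they are a candidate format here."""
    if denominator <= 0:
        raise ValueError("denominator must be positive")
    return round(prob * denominator)


def risk_notification(prior: float, epsilon: float, denominator: int = 1000) -> str:
    """Build a quantitative notification comparing the risk before and after
    sharing. Wording is an assumption for this example, not the paper's."""
    before = natural_frequency(prior, denominator)
    after = natural_frequency(worst_case_posterior(prior, epsilon), denominator)
    return (
        f"Without your data, an attacker could pin down the sensitive attribute "
        f"of about {before} out of {denominator} people like you. "
        f"If you share under epsilon = {epsilon:g}, that number rises to at most "
        f"{after} out of {denominator}."
    )


def epsilon_table(prior: float, epsilons, denominator: int = 1000):
    """How the 'after' count grows with epsilon for a fixed prior. Useful for
    showing that epsilon is not linear in the risk it implies."""
    return [
        (eps, natural_frequency(worst_case_posterior(prior, eps), denominator))
        for eps in epsilons
    ]


if __name__ == "__main__":
    # Constructed sample inputs: a 1-in-1000 baseline and a few common epsilons.
    print(risk_notification(prior=0.001, epsilon=1.0))
    for eps, k in epsilon_table(0.001, [0.1, 0.5, 1.0, 2.0, 4.0, 8.0]):
        print(f"epsilon={eps:<4g} -> at most {k} out of 1000")
```

Two caveats a practitioner would attach to any such notification: the "after" number depends on the assumed adversary prior, which is a modelling choice rather than part of the DP guarantee, and for (epsilon, delta)-DP the bound above does not hold with probability up to delta, so delta has to be communicated separately or folded into a more conservative statement.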
