"Am I Private and If So, how Many?" – Using Risk Communication Formats for Making Differential Privacy Understandable

by Daniel Franzen, et al.

Mobility data is essential for cities and communities to identify areas in need of improvement. Data collected by mobility providers already contains all the information necessary, but the privacy of the individuals needs to be preserved. Differential privacy (DP) defines a mathematical property which guarantees that certain limits of privacy are preserved while sharing such data, but its functionality and privacy protection are difficult to explain to laypeople. In this paper, we adapt risk communication formats in conjunction with a model for the privacy risks of DP. The result is a set of privacy notifications which explain the risk to an individual's privacy when using DP, rather than DP's functionality. We evaluate these novel privacy communication formats in a crowdsourced study. We find that they perform similarly to the best-performing DP communications currently in use in terms of objective understanding, but they did not make our participants as confident in their understanding. We also discovered an influence, similar to the Dunning-Kruger effect, of statistical numeracy on the effectiveness of some of our privacy communication formats and of the DP communication format currently in use. These results generate hypotheses in multiple directions, for example, toward the use of risk visualization to improve the understandability of our formats or toward adaptive user interfaces which tailor the risk communication to the characteristics of the reader.

