Differential privacy: an economic method for choosing epsilon

Justin Hsu, Marco Gaboardi, Andreas Haeberlen, Sanjeev Khanna, Arjun Narayan, Benjamin C. Pierce, Aaron Roth

Research output: Chapter in Book/Report/Conference proceedingConference contribution

137 Citations (Scopus)


Differential privacy is becoming a gold standard notion of privacy, it offers a guaranteed bound on loss of privacy due to release of query results, even under worst-case assumptions. The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of problems.

However, the question of when differential privacy works in practice has received relatively little attention. In particular, there is still no rigorous method for choosing the key parameter ε;, which controls the crucial trade off between the strength of the privacy guarantee and the accuracy of the published results.

In this paper, we examine the role of these parameters in concrete applications, identifying the key considerations that must be addressed when choosing specific values. This choice requires balancing the interests of two parties with conflicting objectives: the data analyst, who wishes to learn something about the data, and the prospective participant, who must decide whether to allow their data to be included in the analysis. We propose a simple model that expresses this balance as formulas over a handful of parameters, and we use our model to choose ε; on a series of simple statistical studies. We also explore a surprising insight: in some circumstances, a differentially private study can be more accurate than a non-private study for the same cost, under our model. Finally, we discuss the simplifying assumptions in our model and outline a research agenda for possible refinements.

Original languageEnglish
Title of host publicationProceedings of the 2014 IEEE 27th Computer Security Foundations Symposium, CSF 2014
PublisherIEEE Computer Society
Number of pages13
ISBN (Print)9781479942909
Publication statusPublished - 2014
Event27th IEEE Computer Security Foundations Symposium - Vienna, Austria
Duration: 19 Jul 201422 Jul 2014


Conference27th IEEE Computer Security Foundations Symposium
Abbreviated titleCSF 2014
Internet address


  • Differential privacy

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Differential privacy: an economic method for choosing epsilon'. Together they form a unique fingerprint.

Cite this