Between Privacy and Utility: On Differential Privacy in Theory and Practice
17 pages. Posted: 5 Dec 2022. Last revised: 13 Oct 2023.
Date Written: November 22, 2022
Abstract
Differential privacy (DP) aims to confer data processing systems with inherent privacy guarantees, offering stronger protections for personal data. However, thinking about privacy through the lens of DP carries with it certain assumptions, which—if left unexamined—could function to shield data collectors from liability and criticism, rather than substantively protect data subjects from privacy harms. This paper investigates these assumptions and discusses their implications for governing DP systems. In Parts 1 and 2, we introduce DP as a mathematical framework and as a sociotechnical system, using a hypothetical case study to illustrate substantive differences between the two. In Parts 3 and 4, we discuss the ways DP frames privacy loss, data processing interventions, and data subject participation that could exacerbate existing problems in privacy regulation. In Part 5, we conclude with a discussion of DP’s potential interactions with the endogeneity of privacy law, and we propose principles for best governing DP systems. By making such assumptions and their consequences explicit, we hope to help DP succeed at realizing its promise of better substantive privacy protections.
Keywords: Differential Privacy, Science and Technology Studies, Privacy Law, Critical Code Studies