Bridging Central and Local Differential Privacy in Data Acquisition Mechanisms
34 Pages. Posted: 27 Dec 2022. Last revised: 15 Mar 2023
Date Written: December 24, 2022
We study the design of optimal Bayesian data acquisition mechanisms for a platform interested in estimating the mean of a distribution by collecting data from privacy-conscious users. In our setting, users have heterogeneous sensitivities for two types of privacy losses corresponding to local and central privacy measures. The local privacy loss of a user is due to the leakage of a user's information when she shares her data with the platform, and the central privacy loss of a user is due to the estimate that the platform releases to the public. The users share their data in exchange for a payment (e.g., through monetary transfers or services) that compensates for their privacy losses. The platform does not know the privacy sensitivity of users and must design a mechanism to solicit their preferences and then deliver both local and central privacy guarantees while minimizing the estimation error plus the expected payment to users. We first establish minimax lower bounds for the estimation error, given a vector of privacy guarantees, and show that a linear estimator is (near) optimal. We then turn to our main goal: designing an optimal data acquisition mechanism. We establish that the design of such mechanisms in a Bayesian setting (where the platform knows the distribution of users' sensitivities and not their realizations) can be cast as a nonconvex optimization problem. Using a primal-dual argument, we prove that finding the optimal mechanism admits a Polynomial Time Approximation Scheme (PTAS).
Keywords: Differential privacy, Bayesian mechanism design, Minimax lower bound, Local and central differential privacy, Data markets