Swellfish privacy: Supporting time-dependent relevance for continuous differential privacy

Abstract

Today, continuous publishing of differentially private query results is the de-facto standard. However, even today’s most advanced privacy frameworks for streams are not customizable enough to consider that privacy goals of humans change as quickly as human life. We name this time-dependent relevance of privacy goals. Instead, upon design time, one needs to estimate the worst case. Then, one hopes that this protection is sufficient and accepts that one protects against this case all the time, even if it is currently not relevant. Designing a privacy framework being aware of time-dependent relevance implies two effects, which – properly exploited – allow to tune data utility beyond incremental design of a novel privacy mechanism for an existing framework. In this paper, we propose such a new framework, named Swellfish Privacy. We also introduce two tools for designing Swellfish-private mechanisms, namely, time-variant sensitivity and a composition theorem, each implying one effect a mechanism can exploit for improving data utility. In a realistic case study, we show that exploiting both effects improves data utility by one to three orders of magnitude compared to state-of-the-art w-event DP mechanisms. Finally, we generalize the case study by showing how to estimate the strength of the effects for arbitrary use cases.