Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Randomized algorithms for precise measurement of differentially-private, personalized recommendations

Allegra Laro, Yanqing Chen, Hao He, Babak Aghazadeh

TL;DR

This work tackles the tension between precise measurement and user privacy in personalized recommendations by moving differential privacy noise into the content-selection step rather than the measurement phase. The proposed algorithm combines private on-device scoring with DP-based selection mechanisms (RR or SNM) to allow exact payment accounting for content creators while protecting Type I user data, enabling accurate server-side records and billing. Through offline experiments on public and internal ad- auctions data, the study shows that differential privacy can yield a practical privacy-utility trade-off, with Randomized Response performing well at moderate to high privacy levels and SNM offering data-dependent advantages at low privacy. The findings suggest that privacy-preserving, precise measurement in personalized recommendations is feasible at realistic privacy parameters, and that incorporating privacy-amplification strategies or exploring adaptive DP mechanisms could further improve utility in production systems.

Abstract

Personalized recommendations form an important part of today's internet ecosystem, helping artists and creators to reach interested users, and helping users to discover new and engaging content. However, many users today are skeptical of platforms that personalize recommendations, in part due to historically careless treatment of personal data and data privacy. Now, businesses that rely on personalized recommendations are entering a new paradigm, where many of their systems must be overhauled to be privacy-first. In this article, we propose an algorithm for personalized recommendations that facilitates both precise and differentially-private measurement. We consider advertising as an example application, and conduct offline experiments to quantify how the proposed privacy-preserving algorithm affects key metrics related to user experience, advertiser value, and platform revenue compared to the extremes of both (private) non-personalized and non-private, personalized implementations.

Randomized algorithms for precise measurement of differentially-private, personalized recommendations

TL;DR

This work tackles the tension between precise measurement and user privacy in personalized recommendations by moving differential privacy noise into the content-selection step rather than the measurement phase. The proposed algorithm combines private on-device scoring with DP-based selection mechanisms (RR or SNM) to allow exact payment accounting for content creators while protecting Type I user data, enabling accurate server-side records and billing. Through offline experiments on public and internal ad- auctions data, the study shows that differential privacy can yield a practical privacy-utility trade-off, with Randomized Response performing well at moderate to high privacy levels and SNM offering data-dependent advantages at low privacy. The findings suggest that privacy-preserving, precise measurement in personalized recommendations is feasible at realistic privacy parameters, and that incorporating privacy-amplification strategies or exploring adaptive DP mechanisms could further improve utility in production systems.

Abstract

Personalized recommendations form an important part of today's internet ecosystem, helping artists and creators to reach interested users, and helping users to discover new and engaging content. However, many users today are skeptical of platforms that personalize recommendations, in part due to historically careless treatment of personal data and data privacy. Now, businesses that rely on personalized recommendations are entering a new paradigm, where many of their systems must be overhauled to be privacy-first. In this article, we propose an algorithm for personalized recommendations that facilitates both precise and differentially-private measurement. We consider advertising as an example application, and conduct offline experiments to quantify how the proposed privacy-preserving algorithm affects key metrics related to user experience, advertiser value, and platform revenue compared to the extremes of both (private) non-personalized and non-private, personalized implementations.
Paper Structure (36 sections, 6 equations, 13 figures, 2 algorithms)

This paper contains 36 sections, 6 equations, 13 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background and related work
  3. Recommender systems and data types
  4. Key requirements
  5. Achieving user privacy in personalized recommendation
  6. Consent/transparency
  7. Data minimization
  8. Data anonymization
  9. Randomized algorithms for differentially-private recommendations
  10. Randomized Response
  11. Report (Select) Noisy Max
  12. Algorithm
  13. Evaluation
  14. Methods
  15. Research questions
  16. ...and 21 more sections

Figures (13)

  • Figure 1: Data flow for private, personalized recommendations.
  • Figure 2: Effects of removing information from the $pClick$ model on the internal datset. Lifts are relative to the full-information ($\epsilon=\infty$) auction setting.
  • Figure 3: Effects of the privacy parameter, $\epsilon$ on (a) CTR, (b) surplus and (c) revenue for SNM with either scaling or clipping bound = 100 and RR on the internal datset. (d)-(f) show the effects of changing the clipping bound in SNM.
  • Figure 4: Effects of the changing the cutoff parameter, $\gamma$, on (a) CTR, (b) surplus and (c) revenue on the internal datset.
  • Figure 5: Effects of changing the clipping bound in the SNM mechanism on the Taobao dataset.
  • ...and 8 more figures