Evaluating the Usability of Differential Privacy Tools with Data Practitioners
Ivoline C. Ngong, Brad Stenger, Joseph P. Near, Yuanyuan Feng
TL;DR
The paper tackles the usability barrier to real-world differential privacy (DP) by conducting the first cross-tool usability study of four Python-based DP tools with 24 data practitioners. It evaluates DP understanding, implementation, and user satisfaction using learnability, efficiency, and error-prevention measures together with System Usability Scale (SUS) and Net Promoter Score (NPS) ratings. The study finds that novices can gain DP comprehension through hands-on tasks and that API design and documentation critically shape success. DiffPrivLib typically yields higher task completion but can permit DP violations due to flexible defaults, whereas OpenDP shows stronger DP-violation prevention at the cost of usability. Overall, tool design and educational resources determine adoption potential. The authors provide evidence-based recommendations (improved navigation, DP-specific examples, clearer error messages, intuitive APIs, and DP foundations education) to broaden DP adoption in industry and practice.
Abstract
Differential privacy (DP) has become the gold standard in privacy-preserving data analytics, but implementing it in real-world datasets and systems remains challenging. Recently developed DP tools aim to make DP implementation easier, but limited research has investigated these DP tools' usability. Through a usability study with 24 US data practitioners with varying prior DP knowledge, we evaluated the usability of four Python-based open-source DP tools: DiffPrivLib, Tumult Analytics, PipelineDP, and OpenDP. Our results suggest that using DP tools in this study may help DP novices better understand DP; that Application Programming Interface (API) design and documentation are vital for successful DP implementation; and that user satisfaction correlates with how well participants completed study tasks with these DP tools. We provide evidence-based recommendations to improve DP tools' usability to broaden DP adoption.
