Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differentially Private Bayesian Persuasion

Yuqi Pan, Zhiwei Steven Wu, Haifeng Xu, Shuran Zheng

TL;DR

This paper investigates Bayesian persuasion under differential privacy constraints, modeling the sender’s state as a database of binary agent types and enforcing per-agent privacy during information disclosure. It develops two equivalent formulations—the posterior-space and the action-based signaling view—and analyzes privacy-utility tradeoffs across $ε$-DP, $(ε,δ)$-DP, and Rényi DP, establishing both geometric characterizations and algorithmic solutions. A key finding is the existence of significant, constant additive gaps in sender utility between stricter privacy regimes and no privacy, across a broad family of utilities. For computation, the authors provide concave-hull characterizations under $ε$-DP and $(ε,δ)$-DP, and show that, under mild homogeneity, the problem becomes tractable in multi-receiver settings via oblivious signaling and separation-oracle methods. The results offer practical guidance for designing private data disclosures in online advertising and other data-sharing contexts where persuasion and privacy must be balanced.

Abstract

The tension between persuasion and privacy preservation is common in real-world settings. Online platforms should protect the privacy of web users whose data they collect, even as they seek to disclose information about these data to selling advertising spaces. Similarly, hospitals may share patient data to attract research investments with the obligation to preserve patients' privacy. To deal with these issues, we develop a framework to study Bayesian persuasion under differential privacy constraints, where the sender must design an optimal signaling scheme for persuasion while guaranteeing the privacy of each agent's private information in the database. To understand how privacy constraints affect information disclosure, we explore two perspectives within Bayesian persuasion: one views the mechanism as releasing a posterior about the private data, while the other views it as sending an action recommendation. The posterior-based formulation helps consider privacy-utility tradeoffs, quantifying how the tightness of privacy constraints impacts the sender's optimal utility. For any instance in a common utility function family and a wide range of privacy levels, a significant constant utility gap can be found between any two of the three conditions: $ε$-differential privacy constraint, relaxation $(ε,δ)$-differential privacy constraint, and no privacy constraint. We further geometrically characterize optimal signaling schemes under different types of constraints ($ε$-differential privacy, $(ε,δ)$-differential privacy and Renyi differential privacy), all of which can be seen as finding concave hulls in constrained posterior regions. Meanwhile, by taking the action-based view of persuasion, we provide polynomial-time algorithms for computing optimal differentially private signaling schemes, as long as a mild homogeneous condition is met.

Differentially Private Bayesian Persuasion

TL;DR

This paper investigates Bayesian persuasion under differential privacy constraints, modeling the sender’s state as a database of binary agent types and enforcing per-agent privacy during information disclosure. It develops two equivalent formulations—the posterior-space and the action-based signaling view—and analyzes privacy-utility tradeoffs across -DP, -DP, and Rényi DP, establishing both geometric characterizations and algorithmic solutions. A key finding is the existence of significant, constant additive gaps in sender utility between stricter privacy regimes and no privacy, across a broad family of utilities. For computation, the authors provide concave-hull characterizations under -DP and -DP, and show that, under mild homogeneity, the problem becomes tractable in multi-receiver settings via oblivious signaling and separation-oracle methods. The results offer practical guidance for designing private data disclosures in online advertising and other data-sharing contexts where persuasion and privacy must be balanced.

Abstract

The tension between persuasion and privacy preservation is common in real-world settings. Online platforms should protect the privacy of web users whose data they collect, even as they seek to disclose information about these data to selling advertising spaces. Similarly, hospitals may share patient data to attract research investments with the obligation to preserve patients' privacy. To deal with these issues, we develop a framework to study Bayesian persuasion under differential privacy constraints, where the sender must design an optimal signaling scheme for persuasion while guaranteeing the privacy of each agent's private information in the database. To understand how privacy constraints affect information disclosure, we explore two perspectives within Bayesian persuasion: one views the mechanism as releasing a posterior about the private data, while the other views it as sending an action recommendation. The posterior-based formulation helps consider privacy-utility tradeoffs, quantifying how the tightness of privacy constraints impacts the sender's optimal utility. For any instance in a common utility function family and a wide range of privacy levels, a significant constant utility gap can be found between any two of the three conditions: -differential privacy constraint, relaxation -differential privacy constraint, and no privacy constraint. We further geometrically characterize optimal signaling schemes under different types of constraints (-differential privacy, -differential privacy and Renyi differential privacy), all of which can be seen as finding concave hulls in constrained posterior regions. Meanwhile, by taking the action-based view of persuasion, we provide polynomial-time algorithms for computing optimal differentially private signaling schemes, as long as a mild homogeneous condition is met.
Paper Structure (33 sections, 29 theorems, 70 equations, 3 figures)

This paper contains 33 sections, 29 theorems, 70 equations, 3 figures.

Table of Contents

  1. Introduction
  2. Outline of Main Results
  3. Related Work
  4. Model and Preliminaries
  5. Basic Setting
  6. Privacy Constraints to Information Disclosure
  7. Sender's Objective
  8. Alternative formulation in the posterior space
  9. Privacy-Utility Tradeoffs
  10. Warm-up: Characterization for the Single Agent Case
  11. Utility Gaps
  12. Utility gap between $\epsilon$-differential privacy and $(\epsilon,\delta)$-differential privacy
  13. Utility gap between $\epsilon$-differential privacy and no privacy
  14. Utility gap between $(\epsilon,\delta)$-differential privacy and no privacy
  15. Characterization of Privacy-Constrained Bayesian Persuasion
  16. ...and 18 more sections

Key Result

Proposition 3.1

Consider any signaling scheme for the single-agent situation. Then we have

Figures (3)

  • Figure 1: Feasible regions of posteriors when $\mu=0.5$. The pink region represents possible posteriors $(q_{s_1},q_{s_2})$ under $0.2$-differential privacy, which forms a square shape. The total area of pink and blue regions represents possible posteriors under $(0.2,0.01)$-differential privacy.
  • Figure 2: Different privacy constraints in \ref{['sep-example']}. $t=0.5$ and $\mu=0.475$. The optimal signaling schemes $(q_{s_1},q_{s_2})$ without privacy constraints and under $(0.095,0.01)$-differential privacy are shown in (a) and (b). Under $0.1$-differential privacy, no signaling scheme can guarantee a positive utility, and the feasible posterior region is shown in (c).
  • Figure 3: The feasible region $C(\mu=0.5,\epsilon=0.2)$ for $(0.2,\delta)$-differential privacy under different posteriors while $\theta\in\{0,1\}$. Note that the region is $\delta$-independent. $\gamma_1$ corresponds to the adjacent pair $(\theta=1,\theta^\prime=0)$ and $\gamma_2$ corresponds to the adjacent pair $(\theta=0,\theta^\prime=1)$. $q$ represents the probability of state $1$.

Theorems & Definitions (40)

  • Definition 2.1: $(\epsilon,\delta)$-differential privacydwork2006our
  • Proposition 3.1
  • Proposition 3.2
  • Definition 3.3
  • Theorem 3.4
  • Corollary 3.5
  • Proposition 3.6
  • Proposition 3.7
  • Corollary 3.8
  • Proposition 3.9
  • ...and 30 more