
From Theory to Comprehension: A Comparative Study of Differential Privacy and $k$-Anonymity

Saskia Nuñez von Voigt, Luise Mehner, Florian Tschorsch

TL;DR

This study addresses how users comprehend the privacy guarantees of ε-differential privacy, comparing three explanatory models (DEF, RISK, RRT) against a baseline for k-anonymity. Using a drug-survey scenario, the authors evaluate subjective and objective comprehension, revealing that RRT most effectively enhances perceived understanding of differential privacy, while k-anonymity is generally more comprehensible overall. Objective measures remain highest for k-anonymity, with RISK and RRT improving differential privacy understanding but not matching the baseline simplicity of k-anonymity. The findings inform how to communicate privacy guarantees to end users and suggest that randomized-response-based explanations are promising for improving DP comprehension in practice.

Abstract

The notion of $\varepsilon$-differential privacy is a widely used concept of providing quantifiable privacy to individuals. However, it is unclear how to explain the level of privacy protection provided by a differential privacy mechanism with a set $\varepsilon$. In this study, we focus on users' comprehension of the privacy protection provided by a differential privacy mechanism. To do so, we study three variants of explaining the privacy protection provided by differential privacy: (1) the original mathematical definition; (2) $\varepsilon$ translated into a specific privacy risk; and (3) an explanation using the randomized response technique. We compare users' comprehension of privacy protection employing these explanatory models with their comprehension of privacy protection of $k$-anonymity as baseline comprehensibility. Our findings suggest that participants' comprehension of differential privacy protection is enhanced by the privacy risk model and the randomized response-based model. Moreover, our results confirm our intuition that privacy protection provided by $k$-anonymity is more comprehensible.
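The abstract names two of the explanatory models, ε translated into a privacy risk and randomized response, without spelling out the arithmetic behind them. The following Python block is an added illustration, not code from the paper or its authors, of how those two views of the same guarantee relate in a binary drug-use survey: a respondent answers truthfully with probability p_truth (assumed parameter name) and gives the opposite answer otherwise, which is ε-differentially private with ε = ln(p/(1-p)); an adversary with a 50/50 prior who sees one reported answer can then be right about the true answer with probability at most e^ε/(1+e^ε). The population figures are constructed sample data, and "one common translation of ε into a risk" is an assumption about what such a model looks like, not the paper's own formulation.

```python
import math
import random


def rr_epsilon(p_truth: float) -> float:
    """Epsilon of a randomized response that reports the true answer with
    probability p_truth (in (0.5, 1)) and the opposite answer otherwise.

    P(report=yes | true=yes) / P(report=yes | true=no) = p / (1 - p),
    and the same ratio holds for report=no, so eps = ln(p / (1 - p)).
    """
    if not 0.5 < p_truth < 1.0:
        raise ValueError("p_truth must lie strictly between 0.5 and 1")
    return math.log(p_truth / (1.0 - p_truth))


def posterior_risk(epsilon: float, prior: float = 0.5) -> float:
    """One common translation of epsilon into a concrete risk (assumption, not
    the paper's model): the Bayesian posterior an adversary can assign to a
    respondent's true answer after seeing one reported answer, when the
    mechanism is at its worst-case likelihood ratio e^epsilon.

    With prior 0.5 this reduces to e^eps / (1 + e^eps), which for randomized
    response equals p_truth itself: seeing 'yes' makes 'yes' p_truth likely.
    """
    r = math.exp(epsilon)
    return prior * r / (prior * r + (1.0 - prior))


def randomized_response(true_answer: bool, p_truth: float, rng: random.Random) -> bool:
    """Report the true answer with probability p_truth, otherwise flip it."""
    return true_answer if rng.random() < p_truth else not true_answer


def estimate_prevalence(reports, p_truth: float) -> float:
    """Unbiased estimate of the true 'yes' fraction pi from noisy reports.

    E[report == yes] = p*pi + (1-p)*(1-pi), so pi = (mean - (1-p)) / (2p - 1).
    The analyst learns the aggregate; no single report is reliable.
    """
    mean = sum(1 for r in reports if r) / len(reports)
    return (mean - (1.0 - p_truth)) / (2.0 * p_truth - 1.0)


def simulate_survey(n: int, true_rate: float, p_truth: float, seed: int = 1) -> dict:
    """Constructed drug-use survey: n respondents, true_rate of whom used the
    drug. Returns the epsilon, the per-respondent inference risk, the true
    prevalence and the prevalence recovered from the randomized reports."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n)]
    reports = [randomized_response(t, p_truth, rng) for t in truths]
    eps = rr_epsilon(p_truth)
    return {
        "epsilon": eps,
        "individual_risk": posterior_risk(eps),
        "true_prevalence": sum(truths) / n,
        "estimated_prevalence": estimate_prevalence(reports, p_truth),
    }


if __name__ == "__main__":
    # p_truth = 0.75 is the classic two-coin-flip scheme: eps = ln 3 ~= 1.10.
    result = simulate_survey(n=20_000, true_rate=0.20, p_truth=0.75)
    for key, value in result.items():
        print(f"{key:>22}: {value:.4f}")
```

The point the block makes concrete is the one the three explanatory models disagree on how to communicate: the same mechanism can be described by a number (ε ≈ 1.10), by a risk (an adversary who sees your answer is right about you 75% of the time, versus 50% by guessing), or by the procedure itself (flip a coin; answer truthfully on heads), while the analyst still recovers the population prevalence to within a fraction of a percentage point.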

Paper Structure

This paper contains 33 sections, 5 equations, 5 figures, 3 tables.

Figures (5)

  • Figure 1: Overview of the study design.
  • Figure 2: Differences between scores for comprehension of $k$-anonymity and differential privacy.
  • Figure 3: Proportion of correctly answered questions on objective comprehension.
  • Figure 4: Comparison regarding comprehensibility and privacy prevention.
  • Figure 5: Correlations of comprehension.