Centering Policy and Practice: Research Gaps around Usable Differential Privacy
Rachel Cummings, Jayshree Sarathy
TL;DR
Differential privacy (DP) offers rigorous mathematical guarantees but faces usability gaps in real-world deployments. The paper presents a policy-and-practice roadmap organized around five core areas—Considerations of Use, Communication, Design and Policy, Practice, and Trust and Governance—plus concrete directions such as risk-framework development, stakeholder-tailored communications, and auditable deployments. It argues for context-aware risk assessment, interdisciplinary guidance on privacy-loss parameters, pipeline-level DP design, and robust governance practices to bridge theory and practice. By outlining actionable challenges and recommendations, the work aims to inform researchers, practitioners, and regulators on building accountable, usable DP systems and shaping future privacy policy frameworks.
Abstract
As a mathematically rigorous framework that has amassed a rich theoretical literature, differential privacy is considered by many experts to be the gold standard for privacy-preserving data analysis. Others argue that while differential privacy is a clean formulation in theory, it poses significant challenges in practice. Both perspectives are, in our view, valid and important. To bridge the gaps between differential privacy's promises and its real-world usability, researchers and practitioners must work together to advance policy and practice of this technology. In this paper, we outline pressing open questions towards building usable differential privacy and offer recommendations for the field, such as developing risk frameworks to align with user needs, tailoring communications for different stakeholders, modeling the impact of privacy-loss parameters, investing in effective user interfaces, and facilitating algorithmic and procedural audits of differential privacy systems.