Privacy-Constrained Signals

Zhang Xu, Wei Zhao

TL;DR

This work develops a general framework to characterize the set of feasible signals under privacy constraints by treating privacy as a random variable $\tilde{\theta}$ over the state and analyzing the Blackwell frontier of feasible posteriors. A two-stage decomposition is proposed: (i) a minimum-informative extension that lifts a distribution over posteriors about $\tilde{\theta}$ to a distribution over full-state posteriors with minimal extra information, and (ii) a Blackwell-undominated, conditionally privacy-preserving signal that, when joined with the first stage, yields a privacy-constrained signal on the frontier. The main result shows that any $\mathcal{P}$-privacy-constrained signal is Blackwell-equivalent to a join of a minimum-informative extension and a conditional privacy-preserving component, reducing frontier construction to handling the frontier of the privacy-permissible set. The paper specializes the frontier analysis to ex-post privacy (including differential and inferential privacy) and to posterior-mean privacy, providing explicit characterizations via extreme points and two-point posterior supports. This framework enables systematic design of signals that trade off information disclosure against privacy in economics and data-sharing settings, with clear computational directions and limitations highlighted for future work.

Abstract

This paper provides a unified approach to characterize the set of all feasible signals subject to privacy constraints. The Blackwell frontier of feasible signals can be decomposed into minimum informative signals achieving the Blackwell frontier of privacy variables, and conditionally privacy-preserving signals. A complete characterization of the minimum informative signals is then provided. We apply the framework to ex-post privacy (including differential and inferential privacy) and to constraints on posterior means of arbitrary statistics.

Paper Structure

This paper contains 11 sections, 9 theorems, 39 equations, 1 figure.

Key Result

Lemma 1

A signal is $\mathcal{P}$-privacy-constrained if and only if it is Blackwell dominated by a signal $\pi'$ such that $\langle \pi' \rangle^\theta \in \overline{\mathcal{P}}$.

Figures (1)

  • Figure 1: Construction of Blackwell-Undominated Privacy-Constrained Signals

Theorems & Definitions (26)

  • Definition 1
  • Example 1: Privacy-Preserving Signals
  • Example 2: Single-Bound Privacy
  • Lemma 1
  • Theorem 1: Characterization of Privacy-Constrained Signals
  • Theorem 2: Characterization of Minimum-Informative Extensions
  • Example 3
  • Definition 2
  • Proposition 1: Characterization of Blackwell Frontier of Ex-Post Privacy-Permissible Set
  • Remark 1
  • ...and 16 more