Balancing the privacy-utility trade-off: How to draw reliable conclusions from private data

Abstract

Absolute anonymization, conceived as an irreversible transformation that prevents re-identification and sensitive value disclosure, has proven to be a broken promise. Consequently, modern data protection must shift toward a privacy-utility trade-off grounded in risk mitigation. Differential Privacy (DP) offers a rigorous mathematical framework for balancing quantified disclosure risk with analytical usefulness. Nevertheless, widespread adoption remains limited, largely because effective translation of complex technical concepts, such as privacy-loss parameters, into forms meaningful to non-technical stakeholders has yet to be achieved. This difficulty arises from the inherent use of randomization: both legitimate analysts and potential adversaries must draw conclusions from uncertain observations rather than deterministic values. In this work, we propose a new interpretation of the privacy-utility trade-off based on hypothesis testing. This perspective explicitly accounts for the uncertainty introduced by randomized mechanisms in both membership inference scenarios and general data analysis. In particular, we introduce the concept of relative disclosure risk to quantify the maximum reduction in uncertainty an adversary can obtain from protected outputs, and we show that this measure is directly related to standard privacy-loss parameters. At the same time, we analyze how DP affects analytical validity by studying its impact on hypothesis tests commonly used to assess the statistical significance of empirical results. Finally, we provide practical guidance, accessible to non-experts, for navigating the privacy-utility trade-off, aiding in the selection of suitable protection mechanisms and the values for the privacy-loss parameters.

Figures (5)

• Figure 1: Trade-off functions (solid) and pure, resp. approx, DP bounds (dashed) for three classical $f$-DP mechanism: Laplace (left), Gaussian (center) and Uniform Random Sampling (right) with $\sup_{D,D'} |q(D) - q(D')| = 1$ and $n= 5$.
• Figure 2: Posterior probability obtained by updating the prior probability following a successful membership attack on queries protected using Laplace (top row), Gaussian (middle row) and Uniform Random sampling (bottom row) mechanisms for privacy-loss parameters $\mu = 0.1$ (left), $1$ (middle), $2.5$ (right).
• Figure 3: Relative disclosure risk for the Laplace (top) and Gaussian (bottom) mechanisms as function of $\alpha$ for privacy-loss parameters $\mu = 0.1$ (left), $1$ (middle), $2.5$ (right).
• Figure 4: Statistical power of the best achievable membership attack on queries protected with the Laplace (left) and Gaussian (right) mechanisms as function of the privacy-loss parameter $\mu$ for multiple choices of false positive rate $\alpha_0$.
• Figure 5: Top: Power function of a Z-test at a confidence level $\alpha_0 = 0.01$ for a mean query protected with a Gaussian mechanism over data $x_i \in [0,1]$ suffering from Gaussian noise with $\sigma = 0.25$. Bottom: ROC-curve of a Z-test with alternative mean $m = 0.2$. for a mean query protected with a Gaussian mechanism. The privacy loss parameter $\mu = \infty$ correspond to the release of a non-protected query.

Theorems & Definitions (14)

• Definition 1
• Definition 2
• Example 1
• Example 2
• Example 3
• Definition 3
• Definition 4
• Definition 5
• Definition 6
• Theorem 1