"I need a better description": An Investigation Into User Expectations For Differential Privacy

This is an outdated version published on 2023-08-31. Read the most recent version.

PDF Github

Published: Aug 31, 2023

Versions:

2024-05-23 (2)

2023-08-31 (1)

DOI: https://doi.org/10.29012/jpc.813

Keywords:

Differential Privacy, Human Factors, Usable Security, Usable Privacy

Rachel Cummings

Columbia University

https://orcid.org/0000-0002-1196-1515

Gabriel Kaptchuk

Boston University

https://orcid.org/0000-0002-8886-4748

Elissa Redmiles

Max Planck Institute for Software Systems

https://orcid.org/0000-0003-3930-8128

Abstract

Despite recent widespread deployment of differential privacy, relatively little is known about what users think of differential privacy. In this work, we seek to explore users' privacy expectations related to differential privacy. Specifically, we investigate (1) whether users care about the protections afforded by differential privacy, and (2) whether they are therefore more willing to share their data with differentially private systems. Further, we attempt to understand (3) users' privacy expectations of the differentially private systems they may encounter in practice and (4) their willingness to share data in such systems. To answer these questions, we use a series of rigorously conducted surveys (n=2424).

We find that users care about the kinds of information leaks against which differential privacy protects and are more willing to share their private information when the risks of these leaks are less likely to happen. Additionally, we find that the ways in which differential privacy is described in-the-wild haphazardly set users' privacy expectations, which can be misleading depending on the deployment. We synthesize our results into a framework for understanding a user's willingness to share information with differentially private systems, which takes into account the interaction between the user's prior privacy concerns and how differential privacy is described.

How to Cite

Cummings, Rachel, Gabriel Kaptchuk, and Elissa Redmiles. 2023. “‘I Need a Better description’: An Investigation Into User Expectations For Differential Privacy”. Journal of Privacy and Confidentiality 13 (1). https://doi.org/10.29012/jpc.813.

Issue

Vol. 13 No. 1 (2023): Regular issue, including articles based on presentations at TPDP 2021

Section

TPDP 2021

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.

Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.

Funding data

Defense Advanced Research Projects Agency
Grant numbers W911NF-21-1-0371;HR00112020021
Division of Computer and Network Systems
Grant numbers CNS-1850187;CNS-1942772;CNS-2030859
Mozilla Foundation
JPMorgan Chase and Company

about2

The Journal of Privacy and Confidentiality is an open-access multi-disciplinary journal whose purpose is to facilitate the coalescence of research methodologies and activities in the areas of privacy, confidentiality, and disclosure limitation. The JPC seeks to publish a wide range of research and review papers, not only from academia, but also from government (especially official statistical agencies) and industry, and to serve as a forum for exchange of views, discussion, and news. For more information, see the About the Journal page.