Optimal Distribution of Privacy Budget in Differential Privacy

  • Anis Bkakria
  • Aimilia TasidouEmail author
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
  • Fatma Bouattour
  • Feten Ben Fredj
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


Privacy budget management plays an important role when applying differential privacy, as it sets an upper limit in the ability to utilise the private database. In this paper, we explore the possibility of extending the total allocated privacy budget, taking into consideration the data consumer characteristics and the data utilisation context. To this end, we first study the problem of privacy budget distribution in adaptive multi-data consumer differential privacy use cases. Then, we present an extension of the classic differential privacy formal model that allows taking into consideration data consumers’ information disclosure risk when distributing the privacy budget among them. Finally, we define a method that allows to optimally distribute a given privacy budget among a private database’s data consumers.


Differential privacy Privacy budget distribution Information disclosure risk 


  1. 1.
    Adams, A.: The implications of users’ multimedia privacy perceptions on communication and information privacy policies. In: Proceedings of Telecommunications Policy Research Conference, Washington DC, p. 20 (1999)Google Scholar
  2. 2.
    Barak, B., Chaudhuri, K., Dwork, C., Kale, S., McSherry, F., Talwar, K.: Privacy, accuracy, and consistency too: a holistic solution to contingency table release. In: Proceedings of the Twenty-Sixth ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 273–282. ACM (2007)Google Scholar
  3. 3.
    Barker, K., et al.: A data privacy taxonomy. In: Sexton, A.P. (ed.) BNCOD 2009. LNCS, vol. 5588, pp. 42–54. Springer, Heidelberg (2009). Scholar
  4. 4.
    Chalermsook, P., Chuzhoy, J., Kannan, S., Khanna, S.: Improved hardness results for profit maximization pricing problems with unlimited supply. In: Gupta, A., Jansen, K., Rolim, J., Servedio, R. (eds.) APPROX/RANDOM -2012. LNCS, vol. 7408, pp. 73–84. Springer, Heidelberg (2012). Scholar
  5. 5.
    Cormode, G., Procopiuc, M., Srivastava, D., Tran, T.T.: Differentially private publication of sparse data. arXiv preprint arXiv:1103.0825 (2011)
  6. 6.
    Dankar, F.K., Badji, R.: A risk-based framework for biomedical data sharing. J. Biomed. Inform. 66, 231–240 (2017)CrossRefGoogle Scholar
  7. 7.
    Dix, A.J.: Information processing, context and privacy. In: INTERACT, pp. 15–20 (1990)Google Scholar
  8. 8.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). Scholar
  9. 9.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). Scholar
  10. 10.
    Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends® Theor. Comput. Sci. 9(3–4), 211–407 (2014)MathSciNetCrossRefGoogle Scholar
  11. 11.
    El Emam, K.: Risk-based de-identification of health data. IEEE Secur. Priv. 3, 64–67 (2010)CrossRefGoogle Scholar
  12. 12.
    El Emam, K.: Guide to the De-identification of Personal Health Information. Auerbach Publications, Boca Raton (2013)CrossRefGoogle Scholar
  13. 13.
    El Emam, K., Dankar, F.K., Vaillancourt, R., Roffey, T., Lysyk, M.: Evaluating the risk of re-identification of patients from hospital prescription records. Can. J. Hosp. Pharm. 62(4), 307 (2009)Google Scholar
  14. 14.
    Hardt, M., Talwar, K.: On the geometry of differential privacy. In: Proceedings of the Forty-Second ACM Symposium on Theory of Computing, pp. 705–714. ACM (2010)Google Scholar
  15. 15.
    Hay, M., Rastogi, V., Miklau, G., Suciu, D.: Boosting the accuracy of differentially private histograms through consistency. Proc. VLDB Endow. 3(1–2), 1021–1032 (2010)CrossRefGoogle Scholar
  16. 16.
    Lederer, S., Dey, A.K., Mankoff, J.: A conceptual model and a metaphor of everyday privacy in ubiquitous. Technical report, Berkeley, CA, USA (2002)Google Scholar
  17. 17.
    Lessig, L.: The architecture of privacy. Vand. J. Ent. L. Prac. 1, 56 (1999)Google Scholar
  18. 18.
    Li, C., Hay, M., Rastogi, V., Miklau, G., McGregor, A.: Optimizing linear counting queries under differential privacy. In: Proceedings of the Twenty-Ninth ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 123–134. ACM (2010)Google Scholar
  19. 19.
    McSherry, F.D.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data, pp. 19–30. ACM (2009)Google Scholar
  20. 20.
    Roy, I., Setty, S.T., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for mapreduce. NSDI 10, 297–312 (2010)Google Scholar
  21. 21.
    Xiao, X., Wang, G., Gehrke, J.: Differential privacy via wavelet transforms. IEEE Trans. Knowl. Data Eng. 23(8), 1200–1214 (2011)CrossRefGoogle Scholar
  22. 22.
    Xu, J., Zhang, Z., Xiao, X., Yang, Y., Yu, G., Winslett, M.: Differentially private histogram publication. VLDB J. 22(6), 797–822 (2013)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Anis Bkakria
    • 1
  • Aimilia Tasidou
    • 1
    Email author
  • Nora Cuppens-Boulahia
    • 1
  • Frédéric Cuppens
    • 1
  • Fatma Bouattour
    • 2
  • Feten Ben Fredj
    • 2
  1. 1.IMT AtlantiqueCesson-SévignéFrance
  2. 2.Digital & EthicsParisFrance

Personalised recommendations