Selection and Verification of Privacy Parameters for Local Differentially Private Data Aggregation

Acquiring and aggregating data from a group of individuals is crucial for studying their general behavior. Differentially Private (DP) techniques, characterized by the parameter epsilon, help to protect Individually Identifiable Data (IID) of individuals participating in such data collection. However, such techniques affect the usefulness of the data leading to a trade-off between usefulness and privacy, thereby making the selection of epsilon an important problem before data acquisition. In this work, we use a mathematical formalism to estimate usefulness and privacy for sum query as aggregate analysis for the local model of privacy. The mathematical relation enables the application of a variety of optimization techniques, discussed in the work, to select an optimal value of epsilon. Existing methods for selecting epsilon are based on financial parameters, but they heavily rely on past data and domain knowledge which may not be available in many cases. To address this, we have provided Knee-point based recommendations along with a selection criterion to choose the method of recommendation depending on the availability of information. This allows analysts to take enlightened decisions while negotiating the value of epsilon. Our experiments on synthetic and real-world datasets unambiguously demonstrate the strength of the mathematical model and the recommended values