Selling Privacy at Auction
In this talk, we will consider the problem of setting up markets for private data, though the lens of differential privacy. Specifically, we consider a setting in which a data analyst wishes to buy information from a population from which he can estimate some statistic. The analyst wishes to obtain an accurate estimate cheaply.
On the other hand, the owners of the private data experience some cost for their loss of privacy, and must be compensated for this loss.
Agents are selfish, and wish to maximize their profit, so our goal is to design truthful mechanisms.
Our main result is that such auctions can naturally be viewed and optimally solved as variants of multi-unit procurement auctions. Based on this result, we derive auctions for two natural settings which are optimal up to small constant factors:
1) In the setting in which the data analyst has a fixed accuracy goal, we show that an application of the classic Vickrey auction achieves the analyst’s accuracy goal while minimizing his total payment.
2) In the setting in which the data analyst has a fixed budget, we give a mechanism which maximizes the accuracy of the resulting estimate while guaranteeing that the resulting sum payments do not exceed the analysts budget.
In both of these results, we ignore the privacy cost due to possible correlations between an individuals private data and his valuation for privacy itself. We then show that no individually rational mechanism can compensate individuals for the privacy loss incurred due to their reported valuations for privacy. This is nevertheless an important issue, and modeling it correctly is one of the many exciting directions for future work.
This talk is based on joint work with Arpita Ghosh