Discounted Differential Privacy: Privacy of Evolving Datasets over an Infinite Horizon
In this paper, we define discounted differential privacy as an alternative to (conventional) differential privacy in order to investigate the privacy of evolving datasets containing time series over an unbounded horizon. Evolving datasets arise in energy systems (e.g., real-time smart meter measurements), transportation (e.g., real-time traces of individual movements), and the retail industry (e.g., customer interactions and purchases from online stores). We first define privacy loss as a measure of the amount of information leaked by the reports at a certain fixed time and relate privacy loss to differential privacy. We observe that privacy losses are weighted equally across time in the definition of differential privacy, and therefore the magnitude of privacy-preserving additive noise must grow without bound to ensure differential privacy over an infinite horizon. Motivated by discounted utility theory in the economics literature, we use exponential and hyperbolic discounting of privacy losses across time to relax the definition of differential privacy under continual observations. This implies that privacy losses in the distant past are less important to an individual than the current ones. We use discounted differential privacy to investigate the privacy of evolving datasets using additive Laplace noise and show that the magnitude of the additive noise can remain bounded under discounted differential privacy. We illustrate the quality of privacy-preserving mechanisms satisfying discounted differential privacy on smart-meter measurement time series of real households, made publicly available by Ausgrid (an Australian electricity distribution company).
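The contrast between equal weighting and exponential discounting can be seen in a small budget calculation. This is an added illustration, not code or notation from the paper: it assumes the discounted loss at the latest report is the sum of gamma**(T - t) * eps_t over past reports t, and all function names, the sensitivity bound and the sample readings are hypothetical.

```python
import random

def uniform_split_scale(sensitivity, eps_total, horizon):
    """Laplace scale when eps_total is split equally over `horizon` reports
    (plain sequential composition: every report's loss counts in full)."""
    return sensitivity * horizon / eps_total

def discounted_step_eps(eps_total, gamma):
    """Constant per-report loss whose exponentially discounted sum
    sum_k gamma**k * eps_step never exceeds eps_total (assumed accounting)."""
    if not 0.0 < gamma < 1.0:
        raise ValueError("gamma must lie strictly between 0 and 1")
    return eps_total * (1.0 - gamma)

def discounted_loss(step_eps, gamma):
    """Discounted loss after each report: L_T = gamma * L_{T-1} + eps_T."""
    loss, history = 0.0, []
    for eps in step_eps:
        loss = gamma * loss + eps
        history.append(loss)
    return history

def release(series, sensitivity, eps_step, seed=0):
    """Add Laplace(sensitivity / eps_step) noise to every reading."""
    rng = random.Random(seed)
    scale = sensitivity / eps_step
    # Difference of two i.i.d. exponentials is Laplace with the same scale.
    return [x + rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
            for x in series]

if __name__ == "__main__":
    readings = [0.42, 0.38, 1.10, 0.95, 0.40, 0.36]  # constructed kWh values
    sens, eps, gamma = 2.0, 1.0, 0.9  # assumed reading bound, budget, discount
    for horizon in (10, 100, 1000):
        # Equal weighting: scale grows with the horizon. Discounted: constant.
        print(horizon, uniform_split_scale(sens, eps, horizon),
              sens / discounted_step_eps(eps, gamma))
    print(release(readings, sens, discounted_step_eps(eps, gamma)))
```

Under the equal-weight split the Laplace scale is proportional to the number of reports, while the discounted budget fixes it at sensitivity / (eps_total * (1 - gamma)) for any horizon.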