Improving Usability of Differential Privacy at Scale

Milinda Perera and Miguel Guevara‎, Google LLC


We present a framework to improve the usability of Differential Privacy (DP) by allowing practitioners to quantify and visualize privacy vs utility trade-offs of DP.

While DP has long been seen as a robust anonymization technique, there is a significant disconnect between theory, implementation, and usability. One of the biggest problems that practitioners face when using DP is forming mental models around the benefits that DP provides to end users and how DP affects data utility. Many users are not acquainted to think in terms of epsilons, deltas, and sensitivity bounds, and they shouldn't have to! Our system helps users think in terms of utility loss and user anonymity gains.

Our talk has three parts. First, we provide a very quick primer on DP. Second, we will explain why and how we build this framework. Third, we demo the system using a real dataset in real-time!

Milinda Perera, Google LLC

Milinda Perera is a Software Engineer in the Privacy group at Google. His primary focus areas include engineering usable anonymization, scaling pseudonymization, and improving privacy through cryptography. He holds a Ph.D. in Cryptography from the City University of New York (CUNY).

Miguel Guevara, Google LLC

Miguel Guevara is a Product Manager working in Google’s Differential Privacy team. His primary focus area is building systems that apply differential privacy at scale. He holds a Masters in Public Policy and is currently pursuing a Masters in Computer Science.
@inproceedings {257949,
author = {Milinda Perera and Miguel Guevara},
title = {Improving Usability of Differential Privacy at Scale},
booktitle = {2020 {USENIX} Conference on Privacy Engineering Practice and Respect ({PEPR} 20)},
year = {2020},
url = {},
publisher = {{USENIX} Association},
month = oct,

Presentation Video