Integrating Differential Privacy and Contextual Integrity

Differential privacy (DP) is an algorithmic privacy technique that incorporates noise parameters and probabilistic uncertainty, but provides little to no guidance as to the choice of these model parameters in practice. Contextual integrity (CI) instead theorizes privacy as appropriate information flow based on norms that inhere in social contexts. We propose a hybrid theory of DP and CI that can better inform privacy by design in practice. We augment the CI framework with an additional information norm parameter, transmission property, which denotes the quantitative form of the information flow, such as “with differential privacy” or “with 95% confidence”. We use this method to develop a way to define assumptions about contextual purposes and societal values, and to solve for the optimal information norms. DP’s continuous information design can support the purposes of some social spheres better than the coarse-grained information flows understood by CI. We apply this framework to three cases: the U.S. census, medical data sharing, and federated learning.