People Want Data Privacy but Don’t Always Know What They’re Getting

When differential privacy was developed in 2006, it was mostly regarded as a theoretically interesting tool. In 2014, Google became the first company to start publicly using differential privacy for data collection.

Since then, new systems using differential privacy have been deployed by Microsoft, Google and the U.S. Census Bureau. Apple uses it to power machine learning algorithms without needing to see your data, and Uber turned to it to make sure their internal data analysts can’t abuse their power. Differential privacy is often hailed as the solution to the online advertising industry’s privacy issues by allowing advertisers to learn how people respond to their ads without tracking individuals.

Reasonable Expectations?
But it’s not clear that people who are weighing whether to share their data have clear expectations about, or understand, differential privacy.

In July, we, as researchers at Boston University, the Georgia Institute of Technology and Microsoft Research and the Max Planck Institute, surveyed 675 Americans to evaluate whether people are willing to trust differentially private systems with their data.

We created descriptions of differential privacy based on those used by companies, media outlets and academics. These definitions ranged from nuanced descriptions that focused on what differential privacy could allow a company to do or the risks it protects against, descriptions that focused on trust in the many companies that are now using it and descriptions that simply stated that differential privacy is “the new gold standard in data privacy protection,” as the Census Bureau has described it.

Americans we surveyed were about twice as likely to report that they would be willing to share their data if they were told, using one of these definitions, that their data would be protected with differential privacy. The specific way that differential privacy was described, however, did not affect people’s inclination to share. The mere guarantee of privacy seems to be sufficient to alter people’s expectations about who can access their data and whether it would be secure in the event of a hack. In turn, those expectations drive people’s willingness to share information.

Troublingly, people’s expectations of how protected their data will be with differential privacy are not always correct. For example, many differential privacy systems do nothing to protect user data from lawful law enforcement searches, but 20% of respondents expected this protection.

The confusion is likely due to the way that companies, media outlets and even academics describe differential privacy. Most explanations focus on what differential privacy does or what it can be used for, but do little to highlight what differential privacy can and can’t protect against. This leaves people to draw their own conclusions about what protections differential privacy provides.

Building Trust
To help people make informed choices about their data, they need information that accurately sets their expectations about privacy. It’s not enough to tell people that a system meets a “gold standard” of some types of privacy without telling them what that means. Users shouldn’t need a degree in mathematics to make an informed choice.

[Deep knowledge, daily. Sign up for The Conversation’s newsletter.]

Identifying the best ways to clearly explain the protections provided by differential privacy will require further research to identify which expectations are most important to people who are considering sharing their data. One possibility is using techniques like privacy nutrition labels.

Helping people align their expectations with reality will also require companies using differential privacy as part of their data collecting activities to fully and accurately explain what is and isn’t being kept private and from whom.

Gabriel Kaptchuk is Researcher Assistant Professor in Computer Science, Boston University. Elissa M. Redmiles is Faculty member & Research Group Leader, Max Planck Institute. Rachel Cummings is Assistant Professor of Industrial and Systems Engineering, Georgia Institute of Technology. This article is published courtesy of The Conversation.