Quiz Entry - updated: 2026.05.31
How does Differential Privacy (DP) make individual contributions to a dataset unrecoverable?
DP adds carefully calibrated random noise to query results so that the presence or absence of any single individual changes the output only by a bounded amount — captured by a privacy budget ε (epsilon).
The intuition:
- You ask a database "how many of these patients have disease X?"
- The exact count would reveal individual contributions (if you re-ask after one person leaves, you learn their status).
- DP returns "count + Laplace noise" — the noise is large enough that one person's data can't be inferred, but small enough that aggregate statistics are still useful.
The math (very simplified):
- For a query with sensitivity
Δ(the maximum any one individual can change the result), the noise scale isΔ/ε. - Smaller
ε→ more noise → stronger privacy but less accuracy. - Each query consumes part of a finite privacy budget; after enough queries, the dataset can no longer be queried.
Real-world deployments:
- Apple — DP applied to iOS keyboard suggestions, emoji telemetry, Safari usage stats.
- Google — Chrome usage telemetry (RAPPOR), federated learning aggregation.
- US Census Bureau — 2020 Census published with DP-protected counts.
Common confusion:
- "Anonymisation" = removing identifiers (name, address). Easily defeated by linkage attacks.
- "Differential privacy" = mathematically bounding what can be inferred. Provably hard to defeat, even with auxiliary data.
Tip: DP is one of the few privacy notions with a clean mathematical guarantee instead of "we tried our best." When evaluating a privacy claim, ask "is there an explicit ε, and how was it chosen?" — vague "we use differential privacy" with no ε is marketing.