2022 USENIX Conference on Privacy Engineering Practice and Respect Key Takeaways.
The 2022 USENIX Conference on Privacy Engineering Practice and Respect (PEPR ’22) focuses on designing and building products and systems that respect their users’ privacy and the societies in which they operate.
The talks at PEPR’22 gave encouragement that a new “privacy protection industry” is emerging, with new privacy technologies being developed and discoveries being made to assist users in gaining more control and transparency over their personal data. Such advancements unquestionably reflect a step toward making privacy a “human-value-focused” need rather than a “compliance-only” mandate.
Some of the privacy topics that were covered in the conference included differential privacy, privacy threat modeling, consent management, effective privacy labeling and standardization, privacy incident management, privacy in different areas (e.g., smart home devices, browsers, AI chatbots), privacy for vulnerable groups (e.g., children and non-binary gender), privacy by design and so on.
Here are the key takeaways from the conference.
Differential privacy (DP) is an increasingly popular tool for preserving individuals’ privacy by adding statistical uncertainty when sharing sensitive data. However, DP has practical challenges that include the need for iterative exploration and negotiation with data custodians and analysts on the choice of privacy parameters (e.g., epsilon and delta), DP variants (different algorithms/mechanisms e.g., Gaussian and Laplacian mechanisms), and data statistics (e.g., mean, variance and sum).
Further, there is tension between data minimization (limiting data collection) and differential privacy: differential privacy gives nearly accurate results on large datasets, however, collecting a large amount of data can infringe the privacy of individuals and transgress regulations.
Contextual Integrity (CI) , is another aspect that was introduced, to help with these decisional choices on applying DP. CI captures socially nuanced requirements of privacy. To capture such nuances, it comes…