2:00pm
Contextual Privacy
Abstract:
In many markets, protecting participants' privacy comes into tension with economic and social objectives. We outline a framework for comparing the privacy of different protocols used to implement market rules and carry out computations. Protocols produce a set of contextual privacy violations—information learned about participants that may be superfluous given the context. A protocol is maximally contextually private if there is no protocol that produces a subset of the violations it produces, while still carrying out the market rule. We show that selecting a maximally contextually private protocol involves a deliberate decision about whose privacy is most important to protect, and these protocols delay questions to those they aim to protect. Using the second-price auction rule as an instructive example, we derive a novel design that is maximally contextually private which we call the ascending-join protocol.
