End-to-End Differentially-Private Parameter Tuning in Spatial Histograms

Abstract: Differentially-private histograms have emerged as a key tool for location privacy. While past mechanisms have included theoretical & experimental analysis, it has recently been observed that much of the existing literature does not fully provide differential privacy. The missing component, private parameter tuning, is necessary for rigorous evaluation of these mechanisms. Instead works frequently tune on training data to optimise parameters without consideration of privacy; in other cases selection is performed arbitrarily and independent of data, degrading utility. We address this open problem by deriving a principled tuning mechanism that privately optimises data-dependent error bounds. Theoretical results establish privacy and utility while extensive experimentation demonstrates that we can practically achieve true end-to-end privacy.