The value of privacy: Strategic data subjects, incentive mechanisms, and fundamental limits

We study the value of data privacy in a game-theoretic model of trading private data, where a data collector purchases private data from strategic data subjects (individuals) through an incentive mechanism. One primary goal of the data collector is to learn some desired information from the elicited data. Specifically, this information is modeled by an underlying state, and the private data of each individual represents his of her knowledge about the state. Departing from most of the existing work on privacy-aware surveys, our model does not assume the data collector to be trustworthy. Further, an individual takes full control of his or her own data privacy and reports only a privacy-preserving version of his or her data. In this article, the value of ϵ units of privacy is measured by the minimum payment among all nonnegative payment mechanisms, under which an individual's best response at a Nash equilibrium is to report his or her data in an ϵ-locally differentially private manner. The higher ϵ is, the less private the reported data is. We derive lower and upper bounds on the value of privacy that are asymptotically tight as the number of data subjects becomes large. Specifically, the lower bound assures that it is impossible to use a lower payment to buy ϵ units of privacy, and the upper bound is given by an achievable payment mechanism that we design. Based on these fundamental limits, we further derive lower and upper bounds on the minimum total payment for the data collector to achieve a given accuracy target for learning the underlying state and show that the total payment of the designed mechanism is at most one individual's payment away from the minimum.