Differential privacy is a popular privacy-enhancing technology that has been deployed both in industry and government agencies. Unfortunately, existing explanations of differential privacy fail to set accurate privacy expectations for data subjects, which depend on the choice of deployment model. We design and evaluate new explanations of differential privacy for the local and central models, drawing inspiration from prior work explaining other privacy-enhancing technologies. We find that consequences-focused explanations in the style of privacy nutrition labels that lay out the implications of differential privacy are a promising approach for setting accurate privacy expectations. Further, we find that while process-focused explanations are not enough to set accurate privacy expectations, combining consequences-focused explanations with a brief description of how differential privacy works leads to greater trust.
View on arXiv