BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Sabre//Sabre VObject 4.5.8//EN CALSCALE:GREGORIAN LAST-MODIFIED:20241106T183538Z BEGIN:VTIMEZONE TZID:America/Los_Angeles X-MICROSOFT-CDO-TZID:13 BEGIN:STANDARD DTSTART:20231105T090000 TZOFFSETFROM:-0700 TZOFFSETTO:-0800 TZNAME:PST END:STANDARD BEGIN:STANDARD DTSTART:20241103T090000 TZOFFSETFROM:-0700 TZOFFSETTO:-0800 TZNAME:PST END:STANDARD BEGIN:DAYLIGHT DTSTART:20240310T100000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 TZNAME:PDT END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:e75479d6-b578-4565-bd53-4f30a259726e DTSTAMP:20241106T183538Z SUMMARY:An Individual Differential Privacy Framework for Rigorous and High- Utility Privacy Accounting in Web Measurement DTSTART;TZID=America/Los_Angeles:20240925T131500 DTEND;TZID=America/Los_Angeles:20240925T141500 DESCRIPTION:https://www.w3.org/events/meetings/e75479d6-b578-4565-bd53-4f30 a259726e/\n\n@bmcase and I\, along with several differential privacy resea rchers\, have developed a compelling privacy framework where each device t racks and controls the privacy loss incurred by the user’s participation in various measurements\, such as advertising\, engagement\, or mobility analytics. Currently\, these measurements require collecting sensitive use r activity traces (e.g.\, visited sites\, purchases)\, which raises privac y concerns. Our framework proposes a privacy-preserving alternative: the d evice tracks activity locally and generates encrypted reports\, which can be aggregated by a trusted execution engine (TEE) or secure multi-party co mputation system.\n\nWe formalize our framework using *individual differen tial privacy*\, allowing each device to account for and constrain their ow n user’s privacy loss toward each measurement party. This approach offer s significant privacy-utility benefits over traditional models and improve s transparency by letting users monitor their privacy on each device. Howe ver\, it also introduces potential biases in measurement results\, which w e are working to address\, but for whose design we require the community ’s input.\n\nAt the breakout\, we thus plan to:\n1. Present our privacy framework\, which we developed initially for advertising measurement use c ases.\n2. Seek community feedback on applying the framework to other domai ns\, as we believe our framework is much more general.\n3. Discuss strateg ies to mitigate bias introduced by individual privacy tracking.\n\nAn acad emic paper describing our privacy framework can be found [here](https://ar xiv.org/abs/2405.16719).\n\nAgenda\n\n**Chairs:**\nRoxana Geambasu\, Benja min Case\n\n**Description:**\n@bmcase and I\, along with several different ial privacy researchers\, have developed a compelling privacy framework wh ere each device tracks and controls the privacy loss incurred by the user ’s participation in various measurements\, such as advertising\, engagem ent\, or mobility analytics. Currently\, these measurements require collec ting sensitive user activity traces (e.g.\, visited sites\, purchases)\, w hich raises privacy concerns. Our framework proposes a privacy-preserving alternative: the device tracks activity locally and generates encrypted re ports\, which can be aggregated by a trusted execution engine (TEE) or sec ure multi-party computation system.\n\nWe formalize our framework using *i ndividual differential privacy*\, allowing each device to account for and constrain their own user’s privacy loss toward each measurement party. T his approach offers significant privacy-utility benefits over traditional models and improves transparency by letting users monitor their privacy on each device. However\, it also introduces potential biases in measurement results\, which we are working to address\, but for whose design we requi re the community’s input.\n\nAt the breakout\, we thus plan to:\n1. Pres ent our privacy framework\, which we developed initially for advertising m easurement use cases.\n2. Seek community feedback on applying the framewor k to other domains\, as we believe our framework is much more general.\n3. Discuss strategies to mitigate bias introduced by individual privacy trac king.\n\nAn academic paper describing our privacy framework can be found [ here](https://arxiv.org/abs/2405.16719).\n\n**Goal(s):**\nTo present our i ndividual differential privacy framework for web measurements\, gather com munity feedback on extending its application beyond advertising\, and expl ore strategies for addressing challenges like bias in measurement results. \n\n\n**Agenda:**\nOutline:\n- Background on ad measurements and emerging APIs\n- Our privacy framework: Cookie Monster\n- Discussion on broader app lications and bias mitigation\n\n**Materials:**\n- [slides](https://www.w3 .org/2024/Talks/TPAC/breakouts/differential-privacy.pdf)\n- [minutes](http s://www.w3.org/2024/09/breakouts/minutes-95.html)\n- [minutes (initial goo gle doc)](https://docs.google.com/document/d/1-U3VfLRd7EtXlQvt4Z_jqIgzE82o FrWTcnFeviXjwmM/edit#heading=h.fcwl9ktndbpo)\n- [Session proposal on GitHu b](https://github.com/w3c/tpac2024-breakouts/issues/95) STATUS:CONFIRMED CREATED:20240916T220317Z LAST-MODIFIED:20241106T183538Z SEQUENCE:2 ORGANIZER;CN=W3C Calendar;PARTSTAT=ACCEPTED;ROLE=NON-PARTICIPANT:mailto:nor eply@w3.org LOCATION:4 Concourse Level - Huntington CATEGORIES:TPAC 2024,Breakout Sessions END:VEVENT END:VCALENDAR