Differential Privacy Configurations in the Real World: A Comparative Analysis

An increasing number of technologies depend on the large-scale collection of individual-level data, whether for gathering statistical insights from billions of users or for training AI models. However, reliance on personal data raises privacy concerns that, in turn, limit the collection and analysis essential to these technologies. Differential Privacy (DP) has gained traction in both academia and industry, ensuring privacy by adding carefully crafted noise to data or its outputs based on a pre-defined privacy loss budget ϵ. As real-world implementations emerge, we can examine how DP is practically used beyond academic settings, supporting industry adoption and expanding knowledge on DP applications. Using a systematic process, we comprehensively surveyed the deployed parameters of DP configurations in both commercial and governmental implementations (n=140) and compared them to those employed in academic research. We also propose a high-level taxonomy for DP configuration that captures practical implementations of differentially-private Machine Learning (ML) and Federated Learning (FL) applications, and highlights key factors such as the privacy unit and the privacy loss budget ϵ. Our results show that, on average, ϵ values utilized in industry span a wider range than those used in academic research, with distinct configuration policies for governmental and commercial organizations. Moreover, we identified contrasting reasoning behind ϵ selection across deployment environments, as well as insufficient transparency in how commercial organizations report implemented DP parameters and limited support for user-oriented configuration. Finally, we discuss how the collected knowledge can be used to create methodological guidelines for the configuration of DP in real-world environments, supporting the vision of an Epsilon Registry.