‍16 / 12 / 2020

Formal privacy models white paper

Formal Privacy Models: K-anonymity And Differential Privacy


Explore the application and reasoning behind these formal privacy models.

Download White Paper

In today’s world, analyzing large volumes of data has become the norm. This collected data, however, often contains sensitive personal data, and processing such personal data triggers concerns about the privacy of the individuals in that data. Attempts to address these privacy concerns at a technical level can be traced back as far as the 1970s with statistical disclosure control, where Tore Dalenius discussed the challenge of releasing personal data while preserving the privacy of the individuals in a dataset.

When looking at the challenge of preserving privacy or reducing the risk of re-identification, we frequently come across mentions of k-anonymity and differential privacy. Other popular privacy models include l-diversity and t-closeness, but over 80 of these privacy models (also known as privacy definitions or privacy metrics) are described. The idea behind using such privacy models for datasets is that compliance with these models enables reasoning about the risk of re-identification based on mathematical guarantees.


K-anonymity is a formal privacy model that has been proposed by data anonymization and privacy researchers. K-anonymity categorizes attributes into the following non-exclusive categories: identifiers, quasi-identifiers, and sensitive attributes. A common misconception relating to privacy models, such as k-anonymity or differential privacy, is that they are privacy ‘techniques’. However, k-anonymity is not a privacy technique; instead, it can be considered as a characteristic of a dataset.

Differential Privacy

Another popular formal privacy model is differential privacy, which was designed to allow analysts to query a database interactively and ensure that a query response is insensitive to any specific record in the database. Similar to k-anonymity, differential privacy is a characteristic of a dataset rather than being a technique.

The white paper uses real-world scenarios to demonstrate how k-anonymity and differential privacy can be applied to strike the right balance between analytical utility and data privacy.

Download the white paper to learn more about these formal privacy models and how they can be used to address privacy concerns.


Read More

What They Don’t Tell You About Pseudonymization
International data transfer
5 Insights for International Data Transfers
Global Data Visionaries Report
Global Data Visionaries Report

White papers