The differentially private (DP) facility location problem seeks to determine a socially optimal placement for a public facility while ensuring that each participating agent's location remains private. To privatize its input data, a DP mechanism must inject noise into its output distribution, producing a placement that will have lower expected social welfare than the optimal spot for the facility. The privacy-induced welfare loss can be viewed as the "cost of privacy," illustrating a tradeoff between social welfare and privacy that has been the focus of prior work. Yet, the imposition of privacy also induces a third consideration that has not been similarly studied: fairness in how the "cost of privacy" is distributed across individuals. For instance, a mechanism may satisfy DP with minimal social welfare loss, yet still be undesirable if that loss falls entirely on one individual. In this paper, we quantify this new notion of unfairness and design mechanisms for facility location that attempt to simultaneously optimize across privacy, social welfare, and fairness. We first derive an impossibility result, showing that privacy and fairness cannot be simultaneously guaranteed over all possible datasets that could represent the locations of individuals in a population. We then consider a relaxation that still requires worst-case DP, but only seeks fairness and social welfare over smaller, more "realistic-looking" families of datasets. For this relaxation, we construct a DP mechanism and demonstrate that it is simultaneously optimal (or, for a harder family of datasets, near-optimal up to small factors) on fairness and social welfare. This suggests that while there is a tradeoff between privacy and each of social welfare and fairness, there is no additional tradeoff when we consider all three objectives simultaneously, provided that the population data is sufficiently natural.

翻译：差分隐私（DP）设施选址问题旨在确定公共设施的社会最优选址，同时确保每个参与代理的位置信息保持私密。为对输入数据进行隐私化处理，DP机制必须在输出分布中注入噪声，从而产生一个比最优设施位置预期社会福利更低的选址方案。隐私导致的社会福利损失可视为"隐私成本"，体现了此前工作中关注的社会福利与隐私之间的权衡。然而，隐私的引入还带来了第三个尚未被充分研究的考量因素：即"隐私成本"在个体间的分配公平性。例如，某个机制可能以极小的社会福利损失满足DP要求，但如果该损失完全由某一单独个体承担，这种机制仍不可取。本文量化了这一新的不公平性概念，并设计了同时优化隐私、社会福利与公平性的设施选址机制。我们首先推导出不可能性结论：对于所有可能代表群体中个体位置的数据集，隐私与公平性无法同时得到保证。继而我们考虑了一种放松条件：仍要求最坏情况下的DP，但仅需在更小、更"贴近现实"的数据集族上实现公平性与社会福利目标。针对该放松条件，我们构建了一个DP机制，并证明其在公平性与社会福利上同时达到最优（对于较难的数据集族，则达到小因子范围内的近最优）。这表明，尽管隐私与社会福利、公平性各自存在权衡，但当同时考虑这三个目标时，只要人口数据足够自然，则不会产生额外的权衡。