We examine the privacy-enhancing properties of importance sampling. In importance sampling, selection probabilities are heterogeneous and each selected data point is weighted by the reciprocal of its selection probability. Due to the heterogeneity of importance sampling, we express our results within the framework of personalized differential privacy. We first consider the general case where an arbitrary personalized differentially private mechanism is subsampled with an arbitrary importance sampling distribution and show that the resulting mechanism also satisfies personalized differential privacy. This constitutes an extension of the established privacy amplification by subsampling result to importance sampling. Then, for any fixed mechanism, we derive the sampling distribution that achieves the optimal sampling rate subject to a worst-case privacy constraint. Empirically, we evaluate the privacy, efficiency, and accuracy of importance sampling on the example of k-means clustering.

翻译：我们研究了重要性抽样的隐私增强特性。在重要性抽样中，选择概率是异质的，每个被选中的数据点按其选择概率的倒数进行加权。由于重要性抽样的异质性，我们在个性化差分隐私框架内表达我们的结果。我们首先考虑一般情况，即任意个性化差分隐私机制使用任意重要性抽样分布进行子采样，并证明所得机制同样满足个性化差分隐私。这构成了已建立的基于子采样的隐私放大结果向重要性抽样的扩展。然后，对于任意固定机制，我们推导出在满足最坏情况隐私约束下实现最优抽样率的抽样分布。在实验上，我们以k均值聚类为例评估了重要性抽样的隐私性、效率和准确性。