In this work, we propose the first framework for integrating Differential Privacy (DP) and Contextual Integrity (CI). DP is a property of an algorithm that injects statistical noise to obscure information about individuals represented within a database. CI defines privacy as information flow that is appropriate to its social context. Considered together, these paradigms outline two dimensions along which the privacy of information flows can be analyzed: descriptive and normative properties. We show that our new integrated framework provides benefits to both CI and DP that cannot be attained when each definition is considered in isolation: it enables contextually-guided tuning of the epsilon parameter in DP, and it enables CI to be applied to a broader set of information flows occurring in real-world systems, such as those involving PETs and machine learning. We conclude with a case study based on the use of DP by the U.S. Census Bureau.
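As an added illustration (not code from the paper or from any Census Bureau system), the two ideas the abstract names in concrete form: DP noise injection via the Laplace mechanism on a count query, with epsilon looked up from a context table, and a check that the privacy loss between two neighbouring databases never exceeds that epsilon. The context-to-epsilon table, the count values and the `laplace_*` helpers are assumptions for illustration only.

```python
import math
import random

# Constructed context -> epsilon table. Assumption: illustrative values only;
# the paper's framework is about how such a choice should be justified, and
# these numbers are not taken from it or from any real deployment.
CONTEXT_EPSILON = {
    "public_statistics": 1.0,  # more accuracy, weaker per-individual protection
    "health_research": 0.1,    # more noise, stronger per-individual protection
}


def laplace_scale(epsilon, sensitivity=1.0):
    """Noise scale b = sensitivity / epsilon; a count query has sensitivity 1."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_log_pdf(x, mean, b):
    """log density of Laplace(mean, b); log form avoids underflow far from the mean."""
    return -abs(x - mean) / b - math.log(2 * b)


def max_privacy_loss(count_d, count_d_prime, epsilon, sensitivity=1.0, steps=2001):
    """Largest |ln p(o|D) - ln p(o|D')| over a grid of outputs o.

    D and D' differ in one individual, so their true counts differ by at most
    the sensitivity. For the Laplace mechanism the result is bounded by epsilon,
    which is exactly the (pure) DP guarantee the epsilon parameter expresses."""
    b = laplace_scale(epsilon, sensitivity)
    lo, hi = min(count_d, count_d_prime) - 50 * b, max(count_d, count_d_prime) + 50 * b
    worst = 0.0
    for i in range(steps):
        o = lo + (hi - lo) * i / (steps - 1)
        loss = laplace_log_pdf(o, count_d, b) - laplace_log_pdf(o, count_d_prime, b)
        worst = max(worst, abs(loss))
    return worst


def noisy_count(true_count, context, seed=None):
    """Release a count with Laplace noise whose scale is set by the context's epsilon."""
    rng = random.Random(seed)
    b = laplace_scale(CONTEXT_EPSILON[context])
    # Laplace sample by inverse CDF; clamp keeps log(0) unreachable when random() == 0.
    u = max(rng.random(), 1e-12) - 0.5
    noise = -b * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))
    return true_count + noise
```

Lowering epsilon for the more sensitive context raises the noise scale, which is the accuracy cost that a contextual justification for the parameter has to weigh.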