学术文献库

Empirical economic research crucially relies on highly sensitive individual datasets. At the same time, increasing availability of public individual-level data makes it possible for adversaries to potentially de-identify anonymized records in sensitive research datasets. Most commonly accepted formal definition of an individual non-disclosure guarantee is referred to as differential privacy. It restricts the interaction of researchers with the data by allowing them to issue queries to the data. The differential privacy mechanism then replaces the actual outcome of the query with a randomised outcome. The impact of differential privacy on the identification of empirical economic models and on the performance of estimators in nonlinear empirical Econometric models has not been sufficiently studied. Since privacy protection mechanisms are inherently finite-sample procedures, we define the notion of identifiability of the parameter of interest under differential privacy as a property of the limit of experiments. It is naturally characterized by the concepts from the random sets theory. We show that particular instances of regression discontinuity design may be problematic for inference with differential privacy as parameters turn out to be neither point nor partially identified. The set of differentially private estimators converges weakly to a random set. Our analysis suggests that many other estimators that rely on nuisance parameters may have similar properties with the requirement of differential privacy. We show that identification becomes possible if the target parameter can be deterministically located within the random set. In that case, a full exploration of the random set of the weak limits of differentially private estimators can allow the data curator to select a sequence of instances of differentially private estimators converging to the target parameter in probability.