Recent computer science research on the reidentification of individuals from anonymized data has given some observers in the legal community the impression that the utilization of data is incompatible with strong privacy guarantees, leaving few options for balancing privacy and utility in various data-intensive settings. This bleak assessment is incomplete and somewhat misleading, however, because it fails to recognize the promise of technologies that support anonymity under a standard that computer scientists call differential privacy. This standard is met by a database system that behaves similarly whether or not any particular individual is represented in the database, effectively producing anonymity. Although a number of computer scientists agree that these technologies can offer privacy-protecting advantages over traditional approaches such as redaction of personally identifiable information from shared data, the legal community’s critique has focused on the burden that these technologies place on the utility of the data. Empirical evidence, however, suggests that at least one highly successful business, Facebook, has implemented such privacy-preserving technologies in support of anonymity promises while also meeting commercial demands for utility of certain shared data.
This Article uses a reverse-engineering approach to infer that Facebook appears to be using differential privacy-supporting technologies in its interactive query system to report audience reach data to prospective users of its targeted advertising system, without apparent loss of utility. This case study provides an opportunity to consider criteria for identifying contexts where privacy laws might draw benefits from the adoption of a differential privacy standard similar to that apparently met by Facebook’s advertising audience reach database. United States privacy law is a collection of many different sectoral statutes and regulations, torts, and constitutional law, and some areas are more amenable to incorporation of the differential privacy standard than others. This Article highlights some opportunities for recognition of the differential privacy standard as a best practice or a presumption of compliance for privacy, while acknowledging certain limitations on the transferability of the Facebook example.