Optimal Allocation of Privacy Budget on Hierarchical Data Release; The Netflix Prize and the Distribution of Responsibility in Data-Driven Innovation 38 views

My technical project and STS research paper are both concerned with how sensitive data should be released and managed. Although they approach data privacy from different settings and perspectives, both examine the consequences of decisions made around data. My technical work studies how to release hierarchical data while protecting individual privacy and keeping the statistics as accurate as possible, while my STS research examines how unclear responsibility within organizations can lead to failures in protecting user privacy. These projects reflect my interest in building responsible and effective data-driven systems from different angles. My technical project studies how to release accurate statistics from sensitive datasets while still protecting individual privacy. In settings like Census data, statistics are reported at multiple levels, such as states, regions, and local areas, and privacy protection requires adding noise that can reduce accuracy. A key challenge is how to distribute a limited amount of privacy protection across these levels. A simple approach treats all levels equally, but this often leads to unnecessary error. In my capstone, I develop an optimization-based method that determines how to allocate privacy protection across the hierarchy to minimize overall error. I show that this method assigns more protection to lower, more detailed levels, which improves the overall quality of the statistics. Using experiments on Census-style data, I find that this approach reduces error and leads to better downstream decisions, such as how resources are allocated using Census data. My STS research paper examines the Netflix Prize as a case study in data privacy and organizational responsibility. Using van de Poel and Royakkers’ framework on the distribution of responsibility in engineering, I argue that the incident should not be understood only as a technical failure of anonymization. Instead, it also reflects a failure to assign forward-looking responsibility for anticipating privacy risks before the dataset was released. By analyzing causal contribution, foreseeability, and forward-looking responsibility, I show that the risks of re-identification were not unforeseeable, yet no actor within the organization appears to have been clearly responsible for testing or addressing those risks in advance. I completed these projects at non-overlapping times, so their value lies less in technical overlap and more in the perspective they provide when considered together as part of a broader view of data privacy. My capstone taught me how difficult it is to balance privacy and utility in technical design, while my STS paper pushed me to think beyond whether a method works mathematically and to ask who is responsible for anticipating its real-world consequences when a privacy method fails. The main insight I will carry into my future work is that good privacy-preserving design is not only about optimizing accuracy under a constraint, but also about thinking carefully about what kinds of harms may still occur, who is accountable for identifying them, and how those responsibilities are assigned before a system is deployed.

BS (Bachelor of Science)

Differential Privacy; Responsible AI; Convex Optimization

School of Engineering and Applied Science Bachelor of Science in Computer Science Technical Advisor: Ferdinando Fioretto STS Advisor: Benjamin Laugelli Technical Team Members: Joonhyuk Ko

English

All rights reserved by the author (no additional license for public reuse)

2026-05-06