The Swiss FSO innovates with OpenDP to protect citizen privacy

Published on: 06.06.2024
Authors: DSCC and OpenDP

While the Swiss Federal Statistical Office (FSO) recognizes the potential of data, concerns for citizen privacy limit its potential. Through the collaboration between its Data Science Competence Center (DSCC) and the OpenDP project, solutions are being developed to protect privacy while still ensuring utility.

Governments understand the power of data to do many things: inform policy, support the private sector and enable citizen-led initiatives. However, valid concerns about maintaining privacy are holding back its widespread use and dissemination.

Within the FSO, data scientists aim to strike a balance between protecting individual data privacy and maximizing the usefulness of that data for analysis. This balance is known as the “privacy-utility trade-off.” High privacy often means altering data to hide identities, which can reduce its accuracy and usefulness. On the other hand, maximizing utility requires detailed data, which might compromise privacy. The challenge is finding a middle ground where data is both private enough to protect individuals and useful enough for meaningful analysis.

One of the most promising solutions to tackle this issue is differential privacy – a method which protects privacy by adding noise to shared data products in order to mitigate the risk of re-identification or successful membership attacks while still maintaining a level of utility. To this end, the DSCC of the FSO began collaborating with the OpenDP project (a community effort to build trustworthy, open-source software tools for statistical analysis of sensitive private data) by enrolling two team members as fellows starting in 2022. Their goal? To help develop solutions with OpenDP that could be used within the Swiss administration and beyond.

Dr. Raphaël de Fondeville (Senior Data Scientist) and Pauline Maury-Laribière (Data Scientist) joined the OpenDP Visiting Fellows Program in 2022 and 2023, respectively. They, along with their colleagues at the DSCC, have been working diligently to champion differential privacy within the Swiss Federal Administration. As OpenDP fellows, Raphaël and Pauline contributed to differential privacy via the OpenDP library, specifically to provide privacy guarantees for individual contributors providing their personal information to the public administration. They focused on two specific cases: poverty rates and income statistics, both of which are communicated bi-annually and are used to inform policy and resource allocation. These two statistics were selected as they both present challenging characteristics for application of differential privacy:

  • Poverty statistics are geo-referenced by nature and there is an increasing demand to disclose high resolution poverty maps to pilot public policy. However, such disclosure could cause significant harm to residents of small geographical units: the disclosure risk must be carefully controlled.
  • Income statistics are highly influenced by small groups of individuals with very high income: protecting these groups while maintaining a decent level of utility is delicate.

These projects have also been opportunities to better understand the needs and challenges that remain in order to bring differential privacy into production. During this collaboration, new functionalities were added to the OpenDP library to enable working with tabular data directly, allowing analyses on partitions of data in an optimized way. A library named Polars was used to perform efficient computations while the OpenDP library adds all the necessary differential privacy layers. This should make the library more attractive and usable for analysts who want to make differentially private releases of their data.

As the collaboration between the FSO and the OpenDP project continues to flourish, the journey towards achieving a harmonious balance between data privacy and utility persists. Stay tuned for a forthcoming article featuring interviews with stakeholders within the FSO, where further exploration of differential privacy and its potential will be shared. In the meantime, for a deeper look into this work, we invite you to watch the video presentation by Dr. Raphaël de Fondeville and Pauline Maury-Laribière at the OpenDP Community Meeting.

