Analysing and evaluating syntactic privacy games via a recommender systems case study

The probabilistic notion of differential privacy has emerged as a popular measure for systems that support interactive data release. Consequently, there exists a portfolio of mechanisms to achieve differential privacy. A complementary approach is to represent syntactic privacy notions such as anonymity and unlinkability in the form of games. Via these games, the understanding of, and relationship between, privacy notions is clarified; further, an unambiguous understanding of adversarial actions is given. Representing privacy notions as games is aimed to invoke a 'different' perspective of visualising and abstracting privacy notions. Yet, without any practical context, these notions can be incomprehensible to system designers and software developers. We provide means to combine, enhance and extend these theoretical contributions by showing that the game-based definitions have the potential to interconnect privacy implications and to reason about privacy properties. We motivate our analysis through a case study based on recommender systems