Differential privacy in Snowflake Data Clean Rooms¶

One of the crucial privacy-enhancing technologies that Snowflake Data Clean Rooms offer is differential privacy. To boost privacy protections for data providers, provide mathematical guarantees around user privacy, and protect against repeated queries trying to obtain individual information, Snowflake Data Clean Rooms implement state-of-the-art techniques in differential privacy, creating incredibly strong, end-to-end protections. Because data clean rooms act as trusted environments, Snowflake Data Clean Rooms implement global differential privacy [1], with strong privacy guarantees and low noise levels. Snowflake Data Clean Rooms deploy differential privacy in complete alignment with massive-scale deployments.

Differential privacy techniques publish high-level insights about data without revealing any of its individual row-level constituents. One alternative, using simple aggregation to hide row-level information, could expose private information if adversaries can generate “close” queries on the data that differ by one row. The result difference of these queries can compromise personal information (often referred to as a differencing attack).

Differential privacy overcomes this and provides strong mathematical guarantees of data privacy by carefully injecting noise into the return values of any query against private data. Under such noise mechanisms and strategically set privacy budgets, it is statistically impossible to distinguish the results of any such “close” queries.

cleanroom.addNoise(QUERY_RESULT,EPSILON,RANDOM_NUMBER,MECHANISM,...)