Differential privacy is a guarantee that no one can learn anything significant about any individual from their inclusion in the data. It’s a strong way to protect privacy in aggregate statistics, such as counts and averages. Differentially private statistics are engineered so that the statistic will be similar regardless of whether a particular user is included in the data. Typically, a system achieves differential privacy by restricting the statistics that are released and adding random noise to them.
Differential privacy has a parameter called epsilon, which controls the level of privacy. So long as epsilon is set appropriately, differential privacy is one of the strongest privacy guarantees available for practical use.
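As an added illustration (not code from the original page), the sketch below releases a count using the Laplace mechanism, one standard way to add the random noise described above, and checks that removing one user changes the likelihood of any output by at most a factor of e^epsilon. The dataset, the function names and the value epsilon = 0.5 are assumptions made for the example.

```python
import math
import random

# Constructed sample data: one row per user; "flag" marks a sensitive attribute.
RECORDS = [{"user": f"u{i}", "flag": i % 3 == 0} for i in range(9)]

def is_flagged(record):
    return record["flag"]

def true_count(records, predicate):
    return sum(1 for r in records if predicate(r))

def laplace_noise(scale, rng):
    # The difference of two i.i.d. exponentials with mean `scale` is Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_count(records, predicate, epsilon, rng):
    """Noisy count. A count has sensitivity 1 (one user changes it by at most 1),
    so Laplace noise with scale 1/epsilon gives epsilon-differential privacy."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return true_count(records, predicate) + laplace_noise(1.0 / epsilon, rng)

def laplace_pdf(x, mu, scale):
    return math.exp(-abs(x - mu) / scale) / (2.0 * scale)

def worst_case_ratio(count_a, count_b, epsilon, outputs):
    """Largest factor by which any output in `outputs` is more likely under one
    neighbouring dataset than under the other."""
    scale = 1.0 / epsilon
    worst = 0.0
    for x in outputs:
        pa, pb = laplace_pdf(x, count_a, scale), laplace_pdf(x, count_b, scale)
        worst = max(worst, pa / pb, pb / pa)
    return worst

if __name__ == "__main__":
    epsilon = 0.5
    rng = random.Random(7)  # seeded only so the demo is repeatable
    without_u0 = [r for r in RECORDS if r["user"] != "u0"]
    a = true_count(RECORDS, is_flagged)
    b = true_count(without_u0, is_flagged)
    grid = [x / 4.0 for x in range(-40, 61)]
    print("true counts with / without u0:", a, b)
    print("one noisy release:", round(dp_count(RECORDS, is_flagged, epsilon, rng), 2))
    print("worst-case likelihood ratio:", round(worst_case_ratio(a, b, epsilon, grid), 4))
    print("bound e^epsilon:", round(math.exp(epsilon), 4))
```

Python's `random` module and floating-point sampling are used here only to show the mechanism; a deployed system should take its noise from a vetted differential privacy library.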