How does differential privacy limit the privacy risk in ML models, and what is a typical trade-off?

Differential privacy protects individuals by ensuring that whether or not a person’s data is included in the training set has only a minimal effect on the model’s outputs. It does this by adding carefully calibrated noise to the data or to the aggregated results used for training, making exact reconstruction of a single record unlikely. The common trade-off is privacy versus accuracy: more noise yields stronger privacy but can reduce model performance, while less noise improves accuracy but weakens privacy. Encryption, in contrast, protects data in transit or at rest but doesn’t provide the same formal guarantees about what can be learned from model outputs.