Does "batch disjointness" offer enough flexibility?

[palenica]

Is there interest in exploring support for differentially private querying schemes that allow multiple passes over data?

[keke123]

To ensure our solution is privacy preserving we do not allow reprocessing of reports. This is the current implementation of our privacy budget mechanism. We heard feedback that allowing the same report to be processed multiple times would be useful for certain use-cases (e.g. #732), and exploring options to enable it. If there are additional use cases, we would appreciate learning about them.

Thank you!

[alois-bissuel]

Multiple passes over the data has the interesting property of recovering from failures.
An adtech (or any user of the aggregation service) might make some mistakes when calling the service (eg calling the service with the wrong keys or dataset).
With multiple passes, there is a chance of recovering some of the data which might have otherwise been lost.

[wualbert17]

FYI, the Aggregation Service team is currently looking into supporting requerying, which could help with this use case. If you're interested, please take a look at privacysandbox/aggregation-service#71.