Differential privacy is a precise mathematical constraint meant to ensure privacy of individual pieces of information in a database even while queries are being answered about the aggregate.  Intuitively, one must come to terms with what differential privacy does and does not guarantee.  For example, the definition prevents a strong adversary who knows all but one entry in the database from further inferring about the last one.  This strong adversary assumption can be overlooked, resulting in misinterpretation of the privacy guarantee of differential privacy.

Herein we give an equivalent definition of privacy using mutual information that makes plain some of the subtleties of differential privacy.  The mutual-information differential privacy is in fact sandwiched between $epsilon$-differential privacy and $(epsilon,delta)$-differential privacy in terms of its strength.  In contrast to previous works using unconditional mutual information, differential privacy is fundamentally related to conditional mutual information, accompanied by a maximization over the database distribution.  The conceptual advantage of using mutual information, aside from yielding a simpler and more intuitive definition of differential privacy, is that its properties are well understood.  Several properties of differential privacy are easily verified for the mutual information alternative, such as composition theorems.