This paper addresses the challenge of achieving pointwise maximal leakage (PML) privacy guarantees when the underlying data-generating distribution is unknown. We propose the first distribution-agnostic framework for designing PML-private mechanisms. Methodologically, we extend PML to distributional uncertainty sets, derive robust (ε,δ)-PML guarantees via empirical distributions and large-deviation theory, and formulate mechanism design as a tractable convex optimization problem with linear constraints. Theoretically, our framework provides rigorous, verifiable privacy guarantees; empirically, on binary data, it achieves significantly higher utility than local differential privacy under identical privacy budgets, while remaining compatible with Laplace and Gaussian mechanisms. Our core contribution lies in bridging the theoretical gap between empirical distribution estimation and PML privacy design—establishing a novel privacy paradigm that simultaneously ensures statistical robustness and computational feasibility.

Pointwise maximal leakage (PML) is a per-outcome privacy measure based on threat models from quantitative information flow. Privacy guarantees with PML rely on knowledge about the distribution that generated the private data. In this work, we propose a framework for PML privacy assessment and mechanism design with empirical estimates of this data-generating distribution. By extending the PML framework to consider sets of data-generating distributions, we arrive at bounds on the worst-case leakage within a given set. We use these bounds alongside large-deviation bounds from the literature to provide a method for obtaining distribution-independent $(varepsilon,δ)$-PML guarantees when the data-generating distribution is estimated from available data samples. We provide an optimal binary mechanism, and show that mechanism design with this type of uncertainty about the data-generating distribution reduces to a linearly constrained convex program. Further, we show that optimal mechanisms designed for a distribution estimate can be used. Finally, we apply these tools to leakage assessment of the Laplace mechanism and the Gaussian mechanism for binary private data, and numerically show that the presented approach to mechanism design can yield significant utility increase compared to local differential privacy, while retaining similar privacy guarantees.