Using generative models to design more realistic privacy adversaries against data release mechanisms
Author(s)
Guépin, Florent
Type
Thesis
Abstract
The demand for sensitive and proprietary datasets has been rising as companies, researchers, and government agencies across the world increasingly rely on their collection. They are used in a wide variety of applications, from training machine learning models to computing aggregate statistics. Hence, it is crucial to ensure that the privacy of the data is protected. However, ensuring in practice that a data release mechanism preserves the privacy of every record in its dataset, as well as providing an accurate assessment of the privacy risk, is difficult. In practice, this privacy evaluation is done through adversarial evaluation, but the adversaries used often rely on access to an auxiliary dataset with the same underlying distribution as the dataset under attack. In this thesis, we aim to provide a consistent identification of the privacy risks of data release mechanisms and to develop more realistic privacy evaluation, in two major contributions. In our first contribution, we (a) explore methods to more accurately identify at-risk records from a given dataset in the context of synthetic data generators, and (b) show why averaging the reported risks over multiple test datasets might give a wrong assessment of the privacy risk. In our second contribution, we study the relaxation of the auxiliary assumption when performing privacy attacks by employing generative models. First, we study how to relax this assumption in the context of membership inference attacks against synthetic data generators. Second, we study it in the context of membership inference attacks against aggregation techniques, commonly used for releasing spatio-temporal information such as trajectories. Third, we study a new type of leakage, correlation inference attacks. We show how correlations can be used as building blocks to relax the auxiliary assumption in the context of attribute inference attacks against machine learning models.
Version
Open Access
Date Issued
2024-09-04
Date Awarded
01/02/2025
Advisor
de Montjoye, Yves-Alexandre
Publisher Department
Computing
Publisher Institution
Imperial College London
Qualification Level
Doctoral
Qualification Name
Doctor of Philosophy (PhD)