Adversarial representation learning for synthetic replacement of private attributes

TL;DR

This paper introduces a novel adversarial representation learning method for data privatization that removes sensitive information and replaces it with random data, enhancing privacy while maintaining utility and domain features.

Contribution

It proposes a two-step privacy approach combining sensitive information removal with random replacement, improving privacy-utility trade-offs over previous methods.

Findings

Stronger privacy protection on image data.

Preserves domain and utility of inputs.

Independent of downstream tasks.

Abstract

Data privacy is an increasingly important aspect of many real-world Data sources that contain sensitive information may have immense potential which could be unlocked using the right privacy enhancing transformations, but current methods often fail to produce convincing output. Furthermore, finding the right balance between privacy and utility is often a tricky trade-off. In this work, we propose a novel approach for data privatization, which involves two steps: in the first step, it removes the sensitive information, and in the second step, it replaces this information with an independent random sample. Our method builds on adversarial representation learning which ensures strong privacy by training the model to fool an increasingly strong adversary. While previous methods only aim at obfuscating the sensitive information, we find that adding new random information in its place strengthens the provided privacy and provides better utility at any given level of privacy. The result is an approach that can provide stronger privatization on image data, and yet be preserving both the domain and the utility of the inputs, entirely independent of the downstream task.