Differentially Private Representation for NLP: Formal Guarantee and An Empirical Study on Privacy and Fairness

TL;DR

This paper introduces DPNR, a differentially private neural representation method for NLP that offers formal privacy guarantees, enhances privacy through dropout, and maintains utility and fairness in models.

Contribution

The paper proposes DPNR, a novel approach combining differential privacy with NLP representations, and demonstrates its effectiveness in reducing privacy leakage while preserving task performance and fairness.

Findings

DPNR significantly reduces privacy leakage in NLP models.

Dropout masking further enhances privacy protection.

DPNR maintains competitive task performance with privacy guarantees.

Abstract

It has been demonstrated that hidden representation learned by a deep model can encode private information of the input, hence can be exploited to recover such information with reasonable accuracy. To address this issue, we propose a novel approach called Differentially Private Neural Representation (DPNR) to preserve the privacy of the extracted representation from text. DPNR utilises Differential Privacy (DP) to provide a formal privacy guarantee. Further, we show that masking words via dropout can further enhance privacy. To maintain utility of the learned representation, we integrate DP-noisy representation into a robust training process to derive a robust target model, which also helps for model fairness over various demographic variables. Experimental results on benchmark datasets under various parameter settings demonstrate that DPNR largely reduces privacy leakage without significantly sacrificing the main task performance.