Disentangling private classes through regularization

TL;DR

This paper introduces DisP, a regularization method that disentangles private class information in deep learning models to enhance privacy and prevent undesired data leakage.

Contribution

DisP is a novel regularization strategy that de-correlates features of private classes during training to improve privacy preservation in AI models.

Findings

DisP effectively reduces private class information leakage.

DisP maintains model performance while enhancing privacy.

Experimental results show significant privacy improvements.

Abstract

Deep learning models are nowadays broadly deployed to solve an incredibly large variety of tasks. However, little attention has been devoted to connected legal aspects. In 2016, the European Union approved the General Data Protection Regulation which entered into force in 2018. Its main rationale was to protect the privacy and data protection of its citizens by the way of operating of the so-called "Data Economy". As data is the fuel of modern Artificial Intelligence, it is argued that the GDPR can be partly applicable to a series of algorithmic decision making tasks before a more structured AI Regulation enters into force. In the meantime, AI should not allow undesired information leakage deviating from the purpose for which is created. In this work we propose DisP, an approach for deep learning models disentangling the information related to some classes we desire to keep private, from the data processed by AI. In particular, DisP is a regularization strategy de-correlating the features belonging to the same private class at training time, hiding the information of private classes membership. Our experiments on state-of-the-art deep learning models show the effectiveness of DisP, minimizing the risk of extraction for the classes we desire to keep private.