Differentially Private Language Models for Secure Data Sharing

TL;DR

This paper introduces a method for generating high-quality, private synthetic text data using differentially private training of language models, enabling secure data sharing with strong privacy guarantees and improved downstream task performance.

Contribution

It proposes a novel approach combining global differential privacy with prompt-based language model training to produce accurate, private, and attribute-controlled textual datasets.

Findings

Synthetic data does not leak original data information.

Generated datasets are of high language quality.

Classifiers trained on private synthetic data outperform those trained on real data with DP-SGD.

Abstract

To protect the privacy of individuals whose data is being shared, it is of high importance to develop methods allowing researchers and companies to release textual data while providing formal privacy guarantees to its originators. In the field of NLP, substantial efforts have been directed at building mechanisms following the framework of local differential privacy, thereby anonymizing individual text samples before releasing them. In practice, these approaches are often dissatisfying in terms of the quality of their output language due to the strong noise required for local differential privacy. In this paper, we approach the problem at hand using global differential privacy, particularly by training a generative language model in a differentially private manner and consequently sampling data from it. Using natural language prompts and a new prompt-mismatch loss, we are able to create highly accurate and fluent textual datasets taking on specific desired attributes such as sentiment or topic and resembling statistical properties of the training data. We perform thorough experiments indicating that our synthetic datasets do not leak information from our original data and are of high language quality and highly suitable for training models for further analysis on real-world data. Notably, we also demonstrate that training classifiers on private synthetic data outperforms directly training classifiers on real data with DP-SGD.