I Prefer not to Say: Protecting User Consent in Models with Optional Personal Data

TL;DR

This paper introduces Protected User Consent (PUC), a novel framework ensuring machine learning models respect users' choice to share optional personal data, balancing privacy with model performance.

Contribution

It formalizes privacy protection for models using only explicitly consented data, proposes PUC as a loss-optimal solution, and offers a data augmentation method with convergence guarantees.

Findings

PUC effectively protects user privacy without sacrificing model accuracy.

Models can leverage additional data while respecting explicit user consent.

The proposed approach is validated on real datasets and various models.

Abstract

We examine machine learning models in a setup where individuals have the choice to share optional personal information with a decision-making system, as seen in modern insurance pricing models. Some users consent to their data being used whereas others object and keep their data undisclosed. In this work, we show that the decision not to share data can be considered as information in itself that should be protected to respect users' privacy. This observation raises the overlooked problem of how to ensure that users who protect their personal data do not suffer any disadvantages as a result. To address this problem, we formalize protection requirements for models which only use the information for which active user consent was obtained. This excludes implicit information contained in the decision to share data or not. We offer the first solution to this problem by proposing the notion of Protected User Consent (PUC), which we prove to be loss-optimal under our protection requirement. We observe that privacy and performance are not fundamentally at odds with each other and that it is possible for a decision maker to benefit from additional data while respecting users' consent. To learn PUC-compliant models, we devise a model-agnostic data augmentation strategy with finite sample convergence guarantees. Finally, we analyze the implications of PUC on challenging real datasets, tasks, and models.