Distributed Deep Variational Approach for Privacy-preserving Data Release

TL;DR

This paper introduces GPP, a privacy-preserving data release framework that learns to sanitize high-dimensional data representations, balancing utility and privacy in federated learning settings.

Contribution

It extends variational privacy methods to federated learning, enabling local data sanitization with minimal utility loss and strong privacy guarantees.

Findings

GPP achieves utility close to baseline autoencoders.

GPP reduces adversary's AUC to near random guessing.

Effective across multiple benchmark datasets.

Abstract

Federated learning (FL) lets distributed nodes train a shared model without exchanging their raw data, but in privacy-sensitive deployments medical sensors, IoT devices, wearables the protection offered by keeping data local is incomplete: gradients, model updates, and the released representations themselves can leak sensitive attributes. We propose the \emph{Gaussian Privacy Protector} (GPP), a data-release framework for continuous, high-dimensional inputs that learns a stochastic encoder mapping raw data to a low-dimensional sanitized representation. The encoder is trained against a variational lower bound on the mutual information between the released representation and a designated sensitive attribute, while a separate cross-entropy term preserves a designated utility attribute, with a Lagrange multiplier $\beta$ controlling the trade-off. We then extend GPP to the federated setting, in which each client trains a local encoder, sensitive labels never leave the client, and the aggregator receives only sanitized representations giving instance-level privacy protection in addition to the standard ``raw data stays local'' guarantee of FL. We evaluate GPP on MNIST (digit-sum utility, parity sensitive), CelebA (smiling vs.\ gender), and HAPT-Recognition (activity vs.\ subject identity). Across all three benchmarks, GPP attains utility within roughly one percentage point of an unconstrained autoencoder baseline while reducing the adversary's AUC to near random guessing.