Adversarial representation learning for synthetic replacement of private attributes
This work addresses data privacy for real-world sources with sensitive information, offering an incremental improvement over existing methods by adding random replacement to enhance privacy-utility trade-offs.
The paper tackles the problem of data privatization by proposing a two-step method that removes sensitive information and replaces it with random samples, using adversarial representation learning to enhance privacy and utility. The result is a stronger privatization approach for image data that preserves domain and utility independently of downstream tasks.
Data privacy is an increasingly important aspect of many real-world Data sources that contain sensitive information may have immense potential which could be unlocked using the right privacy enhancing transformations, but current methods often fail to produce convincing output. Furthermore, finding the right balance between privacy and utility is often a tricky trade-off. In this work, we propose a novel approach for data privatization, which involves two steps: in the first step, it removes the sensitive information, and in the second step, it replaces this information with an independent random sample. Our method builds on adversarial representation learning which ensures strong privacy by training the model to fool an increasingly strong adversary. While previous methods only aim at obfuscating the sensitive information, we find that adding new random information in its place strengthens the provided privacy and provides better utility at any given level of privacy. The result is an approach that can provide stronger privatization on image data, and yet be preserving both the domain and the utility of the inputs, entirely independent of the downstream task.