Towards Differential Relational Privacy and its use in Question Answering
This addresses privacy concerns for users of question answering systems by providing a way to control memorization without sacrificing learning, though it is incremental as it builds on differential privacy concepts.
The paper tackles the problem of privacy risks from memorizing entity relations in question answering models by introducing Relational Memorization (RM) and Differential Relational Privacy (DrP), showing that bounding RM does not harm model performance, especially in long-tailed data distributions.
Memorization of the relation between entities in a dataset can lead to privacy issues when using a trained model for question answering. We introduce Relational Memorization (RM) to understand, quantify and control this phenomenon. While bounding general memorization can have detrimental effects on the performance of a trained model, bounding RM does not prevent effective learning. The difference is most pronounced when the data distribution is long-tailed, with many queries having only few training examples: Impeding general memorization prevents effective learning, while impeding only relational memorization still allows learning general properties of the underlying concepts. We formalize the notion of Relational Privacy (RP) and, inspired by Differential Privacy (DP), we provide a possible definition of Differential Relational Privacy (DrP). These notions can be used to describe and compute bounds on the amount of RM in a trained model. We illustrate Relational Privacy concepts in experiments with large-scale models for Question Answering.