LG | CR | Nov 7, 2024

Differential Privacy in Continual Learning: Which Labels to Update?

arXiv:2411.04680v4 | h-index: 5
Originality: Incremental advance
AI Analysis

The paper addresses privacy risks in continual learning on sensitive data, but the contribution is incremental because it builds on existing DP and CL methods.

The paper tackles the problem of privacy leakage in continual learning through the set of output labels, showing that using a data-independent large label space with fine-tuning under differential privacy has minimal negative impact on utility, while separate DP mechanisms risk losing small classes.

The goal of continual learning (CL) is to retain knowledge across tasks, but this conflicts with strict privacy required for sensitive training data that prevents storing or memorising individual samples. To address that, we combine CL and differential privacy (DP). We highlight that failing to account for privacy leakage through the set of labels a model can output can break the privacy of otherwise valid DP algorithms. This is especially relevant in CL. We show that mitigating the issue with a data-independent overly large label space can have minimal negative impact on utility when fine-tuning a pre-trained model under DP, while learning the labels with a separate DP mechanism risks losing small classes.
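The label-set leak and the small-class loss described in the abstract can be seen on toy data. The following is an added example, not code from the paper: the dataset, the label names and all function names are constructed for illustration, and the thresholded Laplace histogram (add/remove adjacency) is a standard mechanism used here as a stand-in for "a separate DP mechanism", not necessarily the one the authors evaluate.

```python
import math
import random
from collections import Counter

# Constructed toy data: two large classes, plus one rare class from a single person.
BASE = ["flu"] * 500 + ["cold"] * 300
NEIGHBOUR = BASE + ["rare_disease"]  # differs from BASE by exactly one record
LABEL_SPACE = frozenset({"flu", "cold", "rare_disease", "asthma", "measles"})

def observed_labels(data):
    """Output layer built from the labels seen in the data (data-dependent)."""
    return frozenset(data)

def fixed_labels(data, label_space=LABEL_SPACE):
    """Output layer fixed before seeing any data (data-independent, overly large)."""
    return label_space

def threshold(epsilon, delta):
    """Cut-off so that a class with one record is released with probability <= delta."""
    return 1.0 + math.log(1.0 / (2.0 * delta)) / epsilon

def release_probability(count, epsilon, delta):
    """P[count + Laplace(1/epsilon) >= threshold], from the Laplace CDF."""
    gap = threshold(epsilon, delta) - count
    if gap >= 0:
        return 0.5 * math.exp(-gap * epsilon)
    return 1.0 - 0.5 * math.exp(gap * epsilon)

def dp_label_release(data, epsilon, delta, rng):
    """Release the labels whose noisy count clears the threshold."""
    tau = threshold(epsilon, delta)
    released = set()
    for label, count in Counter(data).items():
        # Difference of two exponentials is Laplace with scale 1/epsilon.
        # Floating-point sampling like this is for illustration only.
        noise = rng.expovariate(epsilon) - rng.expovariate(epsilon)
        if count + noise >= tau:
            released.add(label)
    return released

if __name__ == "__main__":
    print("observed label sets equal:", observed_labels(BASE) == observed_labels(NEIGHBOUR))
    print("fixed label sets equal:", fixed_labels(BASE) == fixed_labels(NEIGHBOUR))
    for n in (1, 5, 20, 500):
        print(n, "records -> release probability", release_probability(n, 1.0, 1e-5))
    print(dp_label_release(NEIGHBOUR, 1.0, 1e-5, random.Random(0)))
```

With the data-dependent output layer, the presence of `rare_disease` reveals that the single record exists regardless of how the weights were trained; the thresholded release hides it, but at the cost of also dropping genuine classes with only a handful of examples.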
