PFGuard: A Generative Framework with Privacy and Fairness Safeguards

Generative models must ensure both privacy and fairness for Trustworthy AI. While these goals have been pursued separately, recent studies propose to combine existing privacy and fairness techniques to achieve both goals. However, naïvely combining these techniques can be insufficient due to privacy-fairness conflicts, where a sample in a minority group may be amplified for fairness, only to be suppressed for privacy. We demonstrate how these conflicts lead to adverse effects, such as privacy violations and unexpected fairness-utility tradeoffs. To mitigate these risks, we propose PFGuard, a generative framework with privacy and fairness safeguards, which simultaneously addresses privacy, fairness, and utility. By using an ensemble of multiple teacher models, PFGuard balances privacy-fairness conflicts between fair and private training stages and achieves high utility based on ensemble learning. Extensive experiments show that PFGuard successfully generates synthetic data on high-dimensional data while providing both fairness convergence and strict DP guarantees - the first of its kind to our knowledge. Recently, generative models have shown remarkable performance in various applications including vision (Wang et al., 2021b) and language tasks (Brown et al., 2020) - while also raising significant ethical concerns. In particular, privacy and fairness concerns have emerged due to generative models mimicking their training data. On the privacy side, specific training data can be memorized, allowing the reconstruction of sensitive information like facial images (Hilprecht et al., 2019; Sun et al., 2021). On the fairness side, any bias in the training data can be learned, resulting in biased synthetic data and unfair downstream performances across demographic groups (Zhao et al., 2018; Tan et al., 2020). Although privacy and fairness are both essential for generative models, previous research has primarily tackled them separately. Differential Privacy (DP) techniques (Dwork et al., 2014), which provide rigorous privacy guarantees, have been developed for private generative models (Xie et al., 2018; Jordon et al., 2018); various fair training techniques, which remove data bias and generate more balanced synthetic data, have been proposed for fair generative models (Xu et al., 2018; Choi et al., 2020). To achieve both objectives, harnessing these techniques has emerged as a promising direction. For example, Xu et al. (2021) combine a fair pre-processing technique (Celis et al., 2020) with a private generative model (Chanyaswad et al., 2019) to train both fair and private generative models.