Privacy preservation in federated learning: An insightful survey from the GDPR perspective

In recent years, along with the blooming of Machine Leaming (ML)-based applications and services, ensuring data privacy and security have become a critical obligation. ML -based service providers not only confront with difficulties in collecting and managing data across heterogeneous sources but also challenges of complying with rigorous data protection regulations such as EU/UK General Data Protection Regulation (GDPR). Fur-thermore, conventional centralised ML approaches have always come with long-standing privacy risks to personal data leakage, misuse, and abuse. Federated learning (FL) has emerged as a prospective solution that facilitates distributed collaborative learning with-out disclosing original training data. Unfortunately, retaining data and computation on-device as in FL are not sufficient for privacy-guarantee because model parameters ex-changed among participants conceal sensitive information that can be exploited in pri-vacy attacks. Consequently, FL-based systems are not naturally compliant with the GDPR. This article is dedicated to surveying of state-of-the-art privacy-preservation techniques in FL in relations with GDPR requirements. Furthermore, insights into the existing chal-lenges are examined along with the prospective approaches following the GDPR reg-ulatory guidelines that FL-based systems shall implement to fully comply with the GDPR. (c) 2021 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license ( http://creativecommons.org/licenses/by/4.0/ )

Automated summary

In recent years, ensuring data privacy and security has become crucial with the growth of Machine Learning applications. While traditional centralized ML methods pose privacy risks, Federated Learning is seen as a potential solution, but further improvements are needed to comply with GDPR requirements.