Large language models (LLMs) have emerged as powerful tools for tackling complex tasks across diverse domains, but they also raise privacy concerns when fine-tuned on sensitive data due to potential memorization. While differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit, current evaluations on LLMs mostly treat each example (text record) as the privacy unit. This leads to uneven user privacy guarantees when contributions per user vary. We therefore study user-level DP, motivated by applications where it is necessary to ensure uniform privacy protection across users. We present a systematic evaluation of user-level DP for LLM fine-tuning on natural language generation tasks. Focusing on two mechanisms for achieving user-level DP guarantees, Group Privacy and User-wise DP-SGD, we investigate design choices like data selection strategies and parameter tuning for the best privacy-utility tradeoff.