Data vs. Model and Output Sensitivity
A dataset can be sensitive, but so can a trained model. Dataset sensitivity means that the data itself is under protection. This can be for various reasons, including privacy, commercial interests, or other policies of the organization that owns the data. See also Section 4.
By model sensitivity, we mean that the trained model itself is to be protected. This is the case either when there are serious concerns that the model can leak information about the data on which it was trained, or when the model owner wishes to keep the model private for organizational reasons, such as commercial confidentiality.
Model sensitivity is a specific but important instance of the broader concept of output sensitivity, or output privacy. PETs often focus on keeping the input data, as well as the computation, hidden. However, the output of a computation may also be sensitive, in particular if it can be traced back to the sensitive input data. For example, knowing the average annual salary of your department in 2018 and in 2019, combined with the fact that there was only one change in the department's membership, allows you to deduce the salary of the newest colleague. This closely links to the concept of output privacy, see Section 3: output privacy refers to techniques used to ensure that the output of a computation does not reveal information about the input data.
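To make the salary example concrete, the following minimal Python sketch works through the arithmetic. The department sizes and averages are invented for illustration, and the sketch assumes the only change between the two years is the arrival of a single new colleague, with all other salaries unchanged.

```python
# Sketch of the averages attack described above, with assumed figures.
# Assumption: the department had 10 members in 2018, one colleague joined
# in 2019, and all existing salaries stayed the same.

n_2018 = 10          # department size in 2018 (assumed)
avg_2018 = 52_000    # published average annual salary for 2018 (assumed)
n_2019 = 11          # department size in 2019: one new member
avg_2019 = 54_000    # published average annual salary for 2019 (assumed)

# The total payroll in each year follows directly from the averages.
total_2018 = n_2018 * avg_2018
total_2019 = n_2019 * avg_2019

# Since the only change is the new colleague, the difference in totals
# is exactly that person's salary.
new_salary = total_2019 - total_2018
print(f"Deduced salary of the newest colleague: {new_salary}")  # 74000
```

Even though each published average on its own looks harmless, combining two of them with a small piece of side knowledge recovers an individual's sensitive value, which is precisely the kind of leakage output privacy techniques aim to prevent.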