Auditing Reveals Fairness-Privacy Trade-offs at Subpopulation Level

Umid Suleymanov, Ilhama Novruzova, Khalid Mammadov, Natavan Hasanova, Murat Kantarcioglu· July 17, 2026 View original

Summary

This study comprehensively examines how fairness-enhancing algorithms impact privacy leakage, specifically at the subpopulation level, using an adapted Likelihood Ratio Attack (LiRA). It uncovers privacy disparities that aggregate evaluations miss and shows that fairness interventions do not uniformly increase privacy risk, with effects depending on model architecture, subgroup size, and mitigation strategy.

This research provides the first in-depth investigation into the complex interplay between fairness-enhancing algorithms and privacy leakage in machine learning models. While previous work often focused on how privacy techniques affect fairness, this study reverses the perspective, analyzing the privacy implications of fairness interventions. A key contribution is the adaptation of the Likelihood Ratio Attack (LiRA) for subgroup auditing, which allows for the detection of privacy disparities that are obscured by aggregate-level evaluations. The findings reveal that the impact of fairness interventions on privacy risk is not uniform. Instead, it varies significantly based on factors such as the model's architecture, the size of specific subpopulations, and the chosen fairness mitigation strategy. The study also explores how Differential Privacy (DP) interacts with fairness methods, demonstrating that DP's benefits and costs are unevenly distributed across different subpopulations. This highlights the necessity of jointly evaluating fairness, privacy, and utility at a granular, subpopulation level, for which the authors introduce a unified empirical framework.

Why it matters

For professionals deploying AI in sensitive domains, understanding these subpopulation-level trade-offs is crucial for building ethical and compliant systems. It enables more nuanced decision-making to balance fairness, privacy, and utility, avoiding unintended harm to specific user groups.

How to implement this in your domain

  1. 1Adopt a subpopulation-level auditing framework for evaluating fairness and privacy in your AI models.
  2. 2Integrate tools like adapted Likelihood Ratio Attacks (LiRA) to uncover granular privacy risks.
  3. 3Assess how different fairness-enhancing algorithms impact privacy across various user groups.
  4. 4Jointly evaluate fairness, privacy, and utility metrics at the subpopulation level before deploying models in sensitive applications.

Who benefits

HealthcareFinanceLaw EnforcementSocial MediaGovernment

Key takeaways

  • Fairness-enhancing algorithms can have varied impacts on privacy leakage at the subpopulation level.
  • Aggregate evaluations often obscure critical privacy disparities.
  • The effect on privacy depends on model architecture, subgroup size, and mitigation strategy.
  • Jointly auditing fairness, privacy, and utility at a granular level is essential for ethical AI.

Original post by Umid Suleymanov, Ilhama Novruzova, Khalid Mammadov, Natavan Hasanova, Murat Kantarcioglu

"arXiv:2607.14607v1 Announce Type: new Abstract: Machine learning (ML) models deployed in sensitive domains such as healthcare, law enforcement, and finance must satisfy not only utility requirements but also fairness and privacy guarantees. While prior work has largely examined h…"

View on X

Originally posted by Umid Suleymanov, Ilhama Novruzova, Khalid Mammadov, Natavan Hasanova, Murat Kantarcioglu on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses