How to ensure anonymity of AI systems?

When training artificial intelligence systems, developers need to use privacy-enhancing technologies to ensure that the subjects of the training data are not exposed, new study suggests.
anonymity of AI
(Image: Yutong Liu)

Artificial Intelligence (AI) systems trained using machine learning retain an imprint of their training data that allows identifying data that was used to train them.

Systems trained using larger datasets are less vulnerable to identification of the training data, but effectively eliminating the vulnerability would require impractically large datasets.

The finding from an article by researchers from the DataLit project at the Finnish Center for Artificial Intelligence (FCAI) at the University of Helsinki and from Kyoto University, published at the Conference on Neural Information Processing Systems (NeurIPS), has important implications to developers training AI systems using sensitive or personal data, such as health data. 

"Developers need to use privacy-enhancing technologies such as differential privacy to ensure that the subjects of the training data are not exposed. Differential privacy allows mathematically proving that the trained model can never reveal too much information about any individual in the training dataset," says professor Antti Honkela.

Risks in training AI with personal data

The European General Data Protection Regulation (GDPR) defines strict rules for processing of personal data. According to a recent opinion by the European Data Protection Board, an AI system would be considered personal data if training data subjects can be identified from it.

The new result highlights such risk for AI systems trained using personal data.

"An important application for the result is in AI systems for health. Finnish law on secondary use of health data and new European Health Data Space Act require that AI systems developed using health data must be anonymous. In other words, it must not be possible to identify training data subjects."

Previous work from the same group of researchers shows that it is possible to train provably anonymous AI systems using so-called differential privacy during training.

The reported result was obtained by studying the vulnerability when a large image classification model pretrained on a large dataset is fine-tuned using a smaller sensitive dataset. According to the results, the fine-tuned model is less vulnerable than a model trained from scratch using only sensitive data.

Article information

Marlon Tobaben, Hibiki Ito, Joonas Jälkö, Yuan He and Antti Honkela. Impact of Dataset Properties on Membership Inference Vulnerability of Deep Transfer Learning.Opens in a new tab In Advances in Neural Information Processing 39 (NeurIPS 2025).

This article was originally published on the University of Helsinki website on 27.11.2025.

  • Updated:
  • Published:
Share
URL copied!

Read more news

AI for food science
AI, Collaboration, Community Outreach, Highlight, University of Helsinki Published:

AI for Food Science workshop sparks international collaboration

How can universities, research institutes, and food companies work together to harness the power of emerging AI for food science? University of Helsinki organized a dedicated workshop, bringing leading European researchers and industry experts to the same table.
AI literacy
AI, Artificial Intelligence, Community Outreach, Computer Science Department, Education, Highlight, University of Helsinki Published:

Europe’s best AI literacy initiative for education comes from Finland

Generation AI, a Finnish initiative for AI literacy in education and research, has won the European Union’s 2026 Digital Skills Award for promoting AI literacy among children and young people. The award ceremony was held in Brussels on 30 June 2026.
emoji faces
Aalto University, AI, Collaboration, Highlight, Research Published:

RealYou AI will develop the next generation of personalized AI decision assistants

Researchers to build cognitive machine learning that will improve decision-making with instantly personalized intelligent assistance.
Jukka Suomela
Aalto University, Awards, Computer Science Department, Funding, Highlight Published:

Highly sought-after EU funding for three Aalto University researchers

The projects led by Adam Foster, Jani Oksanen and Jukka Suomela focus on atomically precise materials-engineering, LED-based thermal management and quantum methods in distributed networks.