Isn't this still moving your data to a central repository? It's encoded in a neural net rather than in a more accessible form, but it's still being moved out of your control.
It is reasonable to think of it that way. Certainly high-level information from the data is extracted and embedded within a model, but only the information necessary for the model being trained. Whereas if the data itself was being sent, then all of the information is available. Additionally, through added protections (differential privacy being one) it is possible to engineer the federated system such that the data itself can not be reconstructed from model itself.
I too would be interested in understanding this better.
Let's say we're building a medical segmentation model, which takes a patient image and outlines a tumour (or some other feature that's unique to them). I am not sure this matters here, but let's say the model is a basic 2D U-net. Image pixels in, binary pixel labels out (cancer/non-cancer).
At a high level, how would a differentially-private setup work for training such a model across multiple institutions without pooling their patient data?