This work addresses the privacy risks arising from user departure in graph federated learning by proposing an efficient machine unlearning mechanism that ensures complete removal of a user’s data. The approach integrates orthogonal gradient updates with a virtual client maintained by the central server, effectively preserving both model performance and graph structural integrity while erasing the target user's information. Leveraging a combination of local message passing and global coordination, the framework significantly outperforms seven state-of-the-art baselines under typical user exit scenarios. Furthermore, its robust privacy guarantees are empirically validated through a newly designed membership inference attack evaluation, demonstrating strong resistance against such adversarial threats.

Graph federated learning (GFL) facilitates decentralized training on distributed graph data while keeping sensitive user information local, aligning with policies such as GDPR and CCPA that grant users the right to freely join or withdraw from learning systems. However, even decentralized, user information can persist after quitting, potentially propagating to central servers and then redistributing to malicious clients. This privacy leakage during user withdrawal, despite its importance, has received seldom attention in GFL. To fill the gap, we explore the potential of machine unlearning (MU) to thoroughly remove user information. However, classical MU methods are known to degrade overall performance, a problem that is exacerbated in GFL due to local message passing and global model collaboration. To this end, we make two adjustments to mitigate this challenge for GFL. First, we ensure unlearning updates that minimally affect overall performance, steering them in directions orthogonal to the gradients from learning other data. Second, we introduce virtual clients, maintained by the central server, to preserve graph topology and global embeddings without recovering information of removed entities. We conduct comprehensive experiments under a representative user-withdrawal scenario and propose a novel membership inference framework to rigorously evaluate and validate the reliability of our privacy preservation. The experimental results demonstrate the effectiveness of our approach, which also surpasses the performance of seven state-of-the-art baseline methods.