Course - Introduction to Data Privacy - IMT4217
Introduction to Data Privacy
About the course
Course content
Data privacy has a significant overlap with information security. Importantly, information security is a prerequisite for privacy. Furthermore, many organizational techniques from information security are applicable to maintaining data privacy. However, data privacy also differs from information security in significant ways. One of these lies in the focus on control of inferences from given data and information. This course is centered on introducing quantitative theory for this inference control, often referred to as statistical disclosure control. We will discuss formal definitions of privacy in databases containing population data. In particular, we will contrast syntactic and differential privacy and their respective suitability for balancing privacy costs with information benefits. We will spend significant time studying differentially private algorithms for querying data. In addition, we will discuss ethical and political arguments for why privacy is needed and discuss the framing of privacy in terms of a tradeoff between individual privacy and societal benefit. In this context, we will critique current popular technical and regulatory approaches to data privacy from a quantitative theory perspective.
According to the UN Declaration of Human Rights, privacy is a fundamental human right. Data privacy reduces information asymmetries and therefore reduces inequalities in power between individuals and corporations and other institutions, reduces possibilities for persecution, allows dissent, and is intrinsically connected to democracy. As such, it touches on a multitude of the UN's Sustainable Development Goals, including Gender Equality (5), Industry, Innovation and Infrastructure (9), Reduced Inequalities (10), Sustainable Cities and Communities (11), and Peace, Justice and Strong Institutions (16).
Learning outcome
Knowledge:
The successful student
- will have an advanced understanding of the theoretical underpinnings of data privacy.
- will be able to relate this understanding to areas ranging from the philosophical, through the political and organizational, to the technical.
- will know privacy as a process of adapting to changing circumstances.
- will understand the significance of randomness in protecting privacy and quantifying risk, and be able to operationalize this understanding.
Skills:
The successful student will be able to
- identify privacy-related aspects of data uses
- evaluate proposed technical mechanisms for privacy protection
- apply differentially private mechanisms when the sensitivity of the requested information to changes in the data is readily available
General competence:
The successful student will be better able to
- acquire new knowledge and skills from research literature
- perform quantitative and qualitative analysis of problems
- relate technology and society
Learning methods and activities
Voluntary
- Weekly lectures/meetings.
- Self-guided study.
- Online discussions. Explaining to others is an efficient learning tool. The use of an instructor-monitored online forum for discussions and questions will be encouraged.
Obligatory
- Approximately 10 assignments consisting of reading and exercises spread throughout the semester.
Compulsory assignments
- Assignments
Further on evaluation
The re-sit exam, generally held in August, will be written except when the number of students is too low (in which case it might be changed to oral). Beyond that, the entire class must be repeated, provided it is offered.
Specific conditions
Admission to a programme of study is required:
Cyber Security and Data Communication (MTKOM)
Digital Infrastructure and Cyber Security (MSTCNNS)
Information Security (MIS)
Information Security (MISD)
Recommended previous knowledge
Knowledge of calculus, basic probability theory and statistics commensurate with university level introductory classes.
Course materials
The course primarily reflects the contents of a monograph specifically written for this course that will be made available to the students at the beginning of the semester (a draft is available at https://folk.ntnu.no/staal/dist/privacybook.pdf).
Other materials relevant to this course include:
- The Algorithmic Foundations of Differential Privacy (https://www.cis.upenn.edu/~aaroth/privacybook.html)
- Stanford Encyclopedia of Philosophy (https://plato.stanford.edu/entries/privacy/)
- Reports from the Norwegian Data Protection Authority (https://www.datatilsynet.no/en/about-privacy/reports/)
- Regulations concerning privacy: GDPR Homepage (https://www.eugdpr.org/), Datatilsynet (https://www.datatilsynet.no/regelverk-og-skjema/nye-personvernregler/)
- Select materials on disclosure control and information security
Subject areas
- Computer and Information Science
- Information Security
Contact information
Course coordinator
Department with academic responsibility
Department of Information Security and Communication Technology