IMT4217 - Introduction to Data Privacy


Examination arrangement

Examination arrangement: School exam
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
School exam 100/100 4 hours C

Course content

Data privacy has a significant overlap with information security. Importantly, information security is a prerequisite for privacy. Furthermore, many organizational techniques from information security are applicable to maintaining data privacy. However, data privacy also differs from information security in significant ways. One of these lies in the focus on control of inferences from given data and information. This course is centered on introducing quantitative theory for this inference control often referred to as statistical disclosure control. We will discuss formal definitions of privacy in databases containing population data. In particular, we will contrast syntactic and differential privacy and their respective suitability for balancing privacy costs with information benefits. We will spend significant time studying differentially private algorithms for querying data. In addition, we will discuss ethical and political arguments for why privacy is needed and discuss the framing of privacy in terms of a tradeoff between individual privacy and societal benefit. In this context, we will critique current popular technical and regulatory approaches to data privacy from a quantitative theory perspective.

According to the UN declaration of human rights, privacy is a fundamental human right. Data privacy reduces information asymmetries and therefore reduces inequalities in power between individuals and corporations and other institutions, reduces possibilities for persecution, allows dissent, and is intrinsically connected to democracy. As such it touches on a multitude of UN’s Sustainable Development Goals, including gender equality (5), Industry, Innovation and Infrastructure (9), Reduced Inequalities (10), Sustainable Cities and Communities (11), and Peace, Justice and Strong Institutions (16).

Learning outcome


The successful student will have an advanced understanding of the theoretical underpinnings of data privacy. She will be able to relate this understanding to areas ranging from the philosophical, through the political and organizational, to the technical. In particular, she will know privacy as a process of adapting to a changing circumstance and understand the significance of randomness in protecting privacy and quantifying risk, and be able to operationalize this understanding.


  • identify privacy related aspects of data uses
  • evaluate proposed technical mechanisms for privacy protection
  • apply differentially private mechanisms when the sensitivity to requested information to changes in data is readily available

General competence:

  • acquisition of new knowledge and skills from research literature
  • quantitative and qualitative analysis of problems
  • relating technology and society

Learning methods and activities

  • Lectures.
  • A multi-part obligatory activity which includes reading assignments and exercises spread throughout the semester.
  • Voluntary activities. While lectures will introduce tools and concepts as they are needed,self-guided study is expected.
  • Online discussions. An efficient learning tool is explaining to others. The use of an instructor monitored online forum for discussions and questions will be encouraged. Note that teaching activities might need to be performed within a limited time span.

Compulsory assignments

  • Approved exercises

Further on evaluation

Re-sit exam, generally held in august, will be written except when the number of students is too low (might be changed to oral). Beyond that, the entire class must be repeated provided it is offered.

Specific conditions

Admission to a programme of study is required:
Cyber Security and Data Communication (MTKOM)
Digital Infrastructure and Cyber Security (MSTCNNS)
Information Security (MIS)
Information Security (MISD)
Security and Cloud Computing (MSSECCLO)

Course materials

The course primarily reflects the contents of a monograph specifically written for this course that will be made available to the students at the beginning of the semester (a draft is available at

Other materials that form the basis of this course include:

  • The Algorithmic Foundations of Differential Privacy (
  • Stanford Encyclopedia of Philosophy (
  • Reports from the Norwegian Data Protection Authority (
  • Regulations concerning privacy: GDPR Homepage (, Datatilsynet (
  • Select materials on disclosure control and information security

More on the course



Version: 1
Credits:  7.5 SP
Study level: Second degree level


Term no.: 1
Teaching semester:  AUTUMN 2023

Language of instruction: English

Location: Gjøvik , Trondheim

Subject area(s)
  • Computer and Information Science
  • Information Security
Contact information
Course coordinator:

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: School exam

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD School exam 100/100 C 2023-11-27 09:00 INSPERA
Room Building Number of candidates
SL310 turkis sone Sluppenvegen 14 7
M433-Eksamensrom 4.etg Mustad, Inngang A 3
Summer UTS School exam 100/100 C INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU