Privacy Engineering

Module aims

The course aims to introduce the fundamental concepts and techniques for data privacy. The course will help prepare students to pursue research in data privacy and to apply data privacy techniques in industry.

Learning outcomes

Knowledge and Understanding
* To understand that privacy has many definitions and many interpretations. To illustrate with examples privacy violations, threats to privacy, what data is sensitive, consequences of unauthorised disclosure, reasons for privacy, and the negative aspects of providing privacy.
* To understand the principles and limits of data pseudonymization and anonymization for the protection of people’s privacy. Understand the difference between anonymizing small and big (high-dimensional) data
* To understand query-based systems and the concept and definition of differential privacy, the guarantees it provides and differential privacy mechanisms.
* To understand the attack and defence mechanisms for privacy online.
* To understand the theory and limitations of various cryptographic encryption methods for privacy.
* To understand the principles of data protection.

Intellectual Skills
* To assess where data privacy concerns arise in data-oriented computer systems and services, what data privacy techniques should be adopted and their limitations.
* To assess the robustness of data anonymization techniques
* To devise attacks against data anonymization techniques or systems.
* To devise and analyse differential-privacy mechanisms and queries for simple scenarios.
* To prove that mechanisms are differentially private.
* To design and evaluate simple SMC protocols.
* To assess privacy design of well-known cloud-based services.
* To assess the data privacy policy of an organisation.
* To express data privacy policies using formal specifications.
* To identify how data-oriented computer systems and services can comply with data protection regulations.

Practical Skills
* To anonymize and re-identify small and big data datasets
* To write algorithms to attack query-based/question-and-answers systems
* To write differentially-private functions and evaluate the use of differential privacy on personal data sets.
* To implement cryptographically-based systems for privacy.

Module syllabus

Introduction to Privacy: definitions, legal, social and ethical aspects, Solove's taxonomy.

Data Anonymisation and Re-identification: pseudonymization and hashing, k-anonymity, l-diversity, t-closeness and the associated attacks. Unicity and the limits of anonymization of big (high-dimensional) data. Matching attacks and algorithms for location and other behavioral datasets.

Query-based system: security measures, query set size restriction, noise addition and attacks against them (intersection attacks, noise-exploitation attacks, averaging attacks)

Differential Privacy: key concepts and definitions, Laplace mechanism, privacy budget, global sensitivity, group privacy, histograms, local differential privacy.

Cryptographic techniques for privacy: secure multiparty computation, garbled circuits, secret sharing schemes, oblivious transfer, homomorphic and functional encryption, private set intersection, applications: elections, auctions, location-sharing, email, databases, cryptocurrencies.

Data Protection: principles, GDPR, techniques for compliance, policy specification and enforcement, database access controls.


Teaching methods

The course will consist of 14 two-hour slots of lectures and tutorials.    


Assessed coursework and a final exam.

Module leaders

Dr Naranker Dulay
Dr Yves-Alexandre de Montjoye