Hide menu

Introduction to Information Privacy


Status Archive
School National Graduate School in Computer Science (CUGS)
Division ADIT
Owner Nahid Shahmehri

  Log in  

Course plan


Recommended for

Recommended for PhD students.

The course was last given



The course provides understanding of the area of privacy. It is organized into two parts: an introduction to privacy and privacy-enhancing technologies, and a deeper study in a selected research area in the field of privacy: database privacy. Each part has its own set of learning outcomes. Passing this course means that a student should,

- recognize the privacy terminology
- identify the principles and motivation of the research in the field of privacy
- classify privacy-enhancing technologies and reflect about their fundamentals
- apply privacy-enhancing technologies in different contexts
- recognize main concepts in database privacy;
- describe major data protection methods for different types of data;
- apply techniques for measuring disclosure risk and information loss / data utility for protected data


MSc in mathematics or computer science/engineering, with some background in Security, and knowledge of maths.


The goal of data privacy and privacy enhancing technologies is to develop theories and technologies that permit the access to information avoiding the disclosure of sensitive information. Different approaches focus on different answers to the questions of what sensitive data are, how sensitive data are represented, and how an adversary can recover sensitive data.

Privacy preserving data mining (PPDM) and statistical disclosure control (SDC) are two areas of research that focus on the problems of data privacy.

In this course, the main concepts to be studied are related to data privacy. Major approaches for data protection will be reviewed and there will be discussions on how these methods ensure privacy. Also subjects to discussions are: disclosure risk measures that evaluate to which extent protected data ensures confidentiality, and information loss measures that evaluate whether protected data is still useful for their analysis.

Concrete examples to be discussed are data protection methods for numerical and categorical database protection, and measures for information loss and disclosure risk for these types of databases. We will also discuss some examples on other types of databases as e.g. online social networks.


The course consists of two equally important parts: an introduction to privacy and privacy-enhancing technologies and a deeper study in a selected research area in the field of privacy: database privacy. Both parts are focused on lectures, the study of relevant literature, discussions, group activities and practical assignments. The practical part consists of a project work in the area of information privacy, which may, but not necessarily, be related to the content of the lectures. Participants are required to plan and document their work.

Part I: Introduction to Privacy and Privacy-Enhancing Technologies
1. Introduction to Privacy
a. Definition of Privacy
b. Legal Aspects
c. Research Areas in Privacy
2. Anonymity and Pseudonyms
a. Identity and Identifiers
b. Types of Pseudonyms
c. Anonymity
3. Anonymous Communication Mechanisms
a. The Dining Cryptographers
b. MIX Networks
c. Crowds
d. Onion Routing and TOR
4. An Introduction to an ongoing research area in the field of privacy

Part II: Privacy Aspects in Data Mining
0. For those unfamiliar:
a. Elements of machine learning
b. Clustering and comparison of partitions
c. Association rules
1. Data Privacy Dimensions
a. Owner privacy
b. Respondent and owner privacy
c. Data-driven or general-purpose
d. Computation-driven or specific-purpose
e. Result-driven
2. Data protection methods
3. Information loss measures
4. Disclosure risk measures


The following literature:
C. C. Aggarwal, P. S. Yu (Eds.) Privacy-Preserving Data Mining: Models and Algorithms, Springer, 2008.

G. T. Duncan, M. Elliot, J. J. Salazar-Gonzalez, Statistical Confidentiality: Principles and Practice, Springer, 2011.

A. Hundepool, J. Domingo-Ferrer, L. Franconi, S. Giessing, E. S. Nordholt, K. Spicer, P.-P. de Wolf, Statistical Disclosure Control, Wiley, 2012.

A. Pfitzmann, M. Hansen. A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. v0.34, 10 Aug 2010.

S. Fischer-Hübner, D. Kesdogan, L. Martucci. Privacy and privacy-enhancing technologies. In: S. Furnell, S. Katsikas, J. Lopez, A. Patel (Eds.) Securing Information and Communication Systems: Principles, Technologies, and Applications. Artech House, Norwood, MA, USA. ch.11, p.213-242.

P. Syverson, D. Goldschlag, M. Reed. Anonymous connections and onion routing. In Proc. of the 1997 IEEE Symposium on Security and Privacy (S&P 1997), pages 44–54. IEEE Computer Society, 4–7 May 1997.

M. Reiter, A. Rubin. Crowds: anonymity for web transactions. ACM Transactions on Information and System Security (TISSEC), 1(1):66–92, 1998. ISSN 1094-9224. doi: http://doi.acm.org/10.1145/290163.290168


See the organization.


Examiner: Nahid Shahmehri
Guest lecturers: Drs. Leonardo Martucci, Vicenc Torra.


Both theoretical writing/exam and practical work.


4 hp

Organized by



Registrations are binding.
The lectures will be in intensive form. A schedule will be provided after the participants are registered to the course.

Page responsible: Director of Graduate Studies