Privacy by Design – Data Protection: Concepts, Technology, Implementation and Management
The course comprises five modules. The course content will be provided on an e-learning platform in self-study format. Registration and enrolment synchronized with the reading cycle are necessary for examination.
Module 1 Introduction to Privacy and the GDPR
The module includes the definitions, history and foundations of privacy with an emphasis on the challenges in information and communication technology. The focus is on the European and national (Swedish) laws regulating privacy, data protection and cyber safety, including agreements on transferring personal information beyond the EU. Some important decisions of the EU court in this area are discussed.
Module 2 Privacy Enhancing Technologies
The module introduces security and privacy mechanisms and technologies and proceeds to focus on how security and privacy mechanisms can be used to solve practical and theoretical problems, along with discussions of their advantages and disadvantages.
Module 3 Designing for Privacy
The module introduces the foundations of privacy, data protection, and privacy enhancing technologies, and focuses on the concepts of privacy by design and privacy impact assessments by exploring the relevant background, their relationship to the foundation and fundamental human rights, and by introducing relevant methods.
Module 4 Privacy Management
The module deals with privacy management as part of an organization's information security management. It introduces approaches to privacy management, provides deepened insight into one management approach, and explains how privacy threats can be anticipated and mitigated. Privacy risk and impact analysis are included in the management cycle, as is the selection of privacy control mechanisms.
Module 5 Privacy Patterns for Software Design
The module deals with privacy aspects during software design. It particularly focuses on architectural tactics and patterns as reusable conceptual solutions to recurring privacy problems. It also outlines how to use these concepts in agile development settings in order to engineer privacy into software.
The following components are included:
- Fundamental concepts of architectural tactics and patterns
- Privacy as quality attribute of software systems
- Introduction to privacy patterns, privacy anti-patterns, and privacy dark patterns
- Applying privacy patterns in agile development.