Privacy engineering#
About the book#
Contents#
The first chapter is introduces to the General Data Protection Regulation, including its ethical and legal motivations, and detailing relevant articles, especially those dedicated to the rights of the data subjects and the obligations of the data controllers and processors.
One of the obligations of data controllers is to adhere to privacy by design and by default principles, which we introduce in the second chapter. These principles include a collection of data and process strategies that tie in the processing principles laid out by the GDPR with specific practices, software architectures, tools, and techniques. We also include details on data protection impact analysis.
The rest of the book is dedicated to the technical measures that limit access to personal information or the risk of disclosure while still allowing useful processing. We start with a collection of privacy enhancing techniques, mostly cryptographic, which allow private interactions between subjects and controllers and that allow controllers to make computations on protected data. Then, we move on to anonymization, detailing principles and techniques applicable to structured data like microdata and statistical tables and to semi and unstructured data, like images, text, locations, and genetic data. We end the book with privacy considerations in machine learning, including threats, attacks, and countermeasures.
Acknowledgements#
This course is a result of the INCIBE-URV Chair in Cybersecurity (C067/23), a collaboration agreement between the National Cybersecurity Institute (INCIBE) and the Universitat Rovira i Virgili. This initiative is carried out within the framework of the Recovery, Transformation, and Resilience Plan funds, financed by the European Union (Next Generation), the Government of Spain’s project that outlines the roadmap for the modernization of the Spanish economy, the recovery of economic growth and job creation, for solid, inclusive, and resilient economic reconstruction after the COVID-19 crisis, and to address the challenges of the next decade.