Information Privacy Policies and Enhancing Technologies

The course aims to teach general and specialized knowledge in the field of information privacy protection. The course aims in the understanding of a conceptual framework for the scientific field of information privacy. The course material includes issues related to information privacy, such as the protection of personal data, the properties of anonymity, non-linkability, non-traceability and non-observability. In addition, the legal and regulatory framework for the protection of personal data is analyzed. Finally, specialized knowledge and skills are provided regarding data protection mechanisms, such as data protection impact analysis and mechanisms and tools for enhancing information privacy (e.g. anonymizers).

Upon successful completion of the course, the student will:

• Possess knowledge on the concepts and issues related to information privacy and related properties
• Possess knowledge on methods for eliciting and modeling privacy specifications during the analysis and design of information systems and applications
• Be able to use the knowledge and skills acquired about information privacy in the development and design of information systems and applications
• Hold advanced skills in using and critically evaluating the available technologies for enhancing information privacy protection
• Be able to develop and evaluate privacy policies in information systems and applications
• Be able to understand and recognize current developments and challenges in the broader field of information privacy

The course curriculum includes:

• Introduction to the concept of information privacy
• The legal and regulatory framework for personal data protection - The General Data Protection Regulation
• Implications of the regulatory framework for the protection of personal data for information systems engineers and privacy officers
• Privacy policies. Structure, contents, presentation and analysis of case studies
• Conceptual framework of information privacy. The properties of anonymity, non-observability, non-traceability, non-connectivity.
• Integrating privacy requirements from system design. Privacy by design methodologies and modeling privacy specifications. The LINDDUN methodology
• Data protection impact analysis. Methodologies and tools.
• Anonymization and pseudonymization mechanisms and software tools
• Privacy enhancing technologies, including anonymizers, certification frameworks (TRUSTe), user preference analysis (P3P), onion routing, plug-ins
• Privacy competency models for professionals and Internet users
• Privacy concerns and privacy awareness of Internet users

• Lambrinoudakis K., Mitrou L., Gritzalis S. and Katsikas S. (2010), Privacy Protection and Information and Communication Technologies: Technical and Legal Issues, Papasotiriou Publications
• Katsikas S., Gritzalis S. and Lambrinoudakis K., (2020) Information Security of Systems in Cyberspace, New Technologies Publications
• Galanis Th., Igglezakis I., Ioannidis G., Kalfelis G., Koukiadis D., Mantzoufas P., Mitrou L., Panagopoulou F., Rammos Ch., Sachpekidou E., Stangos P., Toliopoulos N., Tsolias G., (2024), Privacy in the Digital era, AEETE Law Library

Related scientific journals:

• Journal of Information Privacy and Security, Taylor & Francis
• Information and Computer Security, Emerald
• International Journal of Information Security, Springer
• Computer Law & Security Review, Elsevier

Teaching is carried out through:

• Theoretical lectures
• Laboratory lectures and exercises
• Seminars and tutorials

The Department's online services and applications are used for the organization of educational material and teaching support (opencourses).

Email services are used for communication with teachers and students.

Specialized software applications for the protection of privacy are taught and used: indicatively, anonymizers, CNIL PIA.

The assessment is carried out in the Greek language.

Written exams: 60%

Written assignments: 40%