Data Privacy (Fall 2026 draft)

Course overview

How can we use data to build useful systems without exposing the people behind the data? This course introduces the core ideas of modern data privacy through concrete attacks, practical defenses, and hands-on labs.

The course is designed for advanced undergraduates. We will start with privacy failures that students can observe directly, then build toward differential privacy, privacy-aware machine learning, and privacy-enhancing technologies such as MPC, HE, TEE, and network privacy tools. The emphasis is on technical understanding, experimental reasoning, and clear communication rather than graduate-level novelty.

What you will learn

• How common privacy attacks work, including extraction, membership inference, linkage, and reconstruction.
• How to reason about privacy defenses, especially differential privacy and its utility trade-offs.
• How privacy engineering differs across machine learning, databases, and systems settings.
• How to read, critique, and explain privacy papers and experimental results.

Who should enroll?

This version of the course is aimed at advanced undergraduates in computer science, data science, or related areas.

Required background:

• Python programming.
• Basic probability.
• Comfort reading and modifying short pieces of code.

Recommended background:

• One prior course in machine learning, security, cryptography, or data science.
• Familiarity with vectors, matrices, and simple model evaluation metrics.

You do not need prior experience with LLM training, privacy research, or advanced cryptography.

Why take this course?

Privacy is now part of the job in machine learning, data science, and systems work. Engineers are expected to understand not only how to build models, but also how those models leak, what protections are realistic, and where the trade-offs appear in practice. This course is intended to prepare students for that level of technical judgment.

Course info

• Instructor: Tianhao Wang
• TA: TBD
• Location: TBD
• Time: TBD
• Canvas: will be posted before the semester begins
• Format: in-person lectures with labs, quizzes, reading warm-ups, and a scoped final project
• Note: this is a draft for Fall 2026. Exact logistics, room, and due dates may shift.
• Policy

Grading

• Labs (35%): four take-home labs; most labs are pair-based, but individual submission is allowed.
• Project (30%): topic check-in (5%), proposal (5%), poster/demo (10%), final report (10%). See the milestone guide and project rubric.
• Quizzes (20%): two in-class quizzes on foundations and core mechanisms.
• Exit tickets / participation (10%): short check-ins tied to lecture attendance and engagement.
• Reading warm-ups (5%): short individual responses on selected course readings.
• Grading scale: we use the UVA default Grading Basis

Schedule

Tentative Monday/Wednesday plan for Fall 2026. It follows the UVA academic calendar: courses begin on August 25, Fall Reading Days run October 3-6, Thanksgiving recess runs November 25-29, and courses end on December 8. Room assignments and some due dates may still change.

Week 1 Aug 24-28

Monday

No class. Arrival and welcome period.

Wednesday

Course overview and what privacy means in practice.

No deliverable

Week 2 Aug 31-Sep 4

Monday

ML background for privacy.

Wednesday

Privacy attacks: extraction and memorization.

No deliverable

Week 3 Sep 7-11

Monday

Attack recap and extraction discussion.

Wednesday

Membership inference and attack evaluation.

Lab 1 out

Week 4 Sep 14-18

Monday

Linkage, singling-out, and reconstruction.

Wednesday

Defenses before DP: anonymization and its limits.

Reading warm-up 1

Week 5 Sep 21-25

Monday

Differential privacy: definition, adjacency, sensitivity.

Wednesday

Laplace, Gaussian, and report noisy max.

Quiz 1

Week 6 Sep 28-Oct 2

Monday

Composition and privacy accounting.

Wednesday

DP case studies in data analysis.

Lab 2 out

Week 7 Oct 5-9

Monday

No class. Fall Reading Days.

Wednesday

Private learning: DP-SGD intuition and practice.

Project topic check-in

Week 8 Oct 12-16

Monday

Local DP and federated settings.

Wednesday

Exponential mechanism and private selection.

Reading warm-up 2

Week 9 Oct 19-23

Monday

Project workshop and paper discussion.

Wednesday

Cryptography background for privacy engineers.

Project proposal

Week 10 Oct 26-30

Monday

MPC basics and trust models.

Wednesday

MPC for simple analytics and inference.

Lab 3 out

Week 11 Nov 2-6

Monday

HE, TEE, and system trade-offs.

Wednesday

Network privacy, telemetry, and metadata.

No deliverable

Week 12 Nov 9-13

Monday

Privacy engineering case studies.

Wednesday

Applied PETs: choosing the right tool.

Lab 4 out

Week 13 Nov 16-20

Monday

Project workshop and poster clinic.

Wednesday

Guest lecture or advanced topic.

Quiz 2

Week 14 Nov 23-27

Monday

Review and synthesis.

Wednesday

No class. Thanksgiving recess.

Reading warm-up 3

Week 15 Nov 30-Dec 4

Monday

Poster / demo session, group 1.

Wednesday

Poster / demo session, group 2.

No deliverable

Week 16 Dec 7-11

Monday

Course wrap-up and what to do next in privacy.

Wednesday

No class. Finals period.

Final report

More resources

Courses

Core DP & privacy

• Privacy in Statistics and Machine Learning (video) Spring 2023 by Adam Smith (BU) and Jonathan Ullman (NEU)
• Algorithms for Private Data Analysis (video) Winter 2026 by Gautam Kamath (Waterloo)
• Applied Privacy for Data Science Spring 2022 by James Honaker, Wanrong Zhang, and Salil Vadhan (Harvard)
• Introduction to Differential Privacy: Theory, Algorithms and Applications (video) Fall 2024 by Yuxiang Wang (UCSD)
• Algorithms for Private Data Analysis Fall 2020 by Aleksandar Nikolov (UofT)
• Privacy Enhancing Technologies Summer 2025 by Saba Eskandarian (UNC)

Other flavors (theory, systems, fairness, ML)

• Theory: The Algorithmic Foundations of Adaptive Data Analysis Fall 2017 by Aaron Roth (Penn) and Adam Smith (BU)
• Systems: Private Systems Spring 2020 by Roxana Geambasu (Columbia)
• Mechanism design: Differential Privacy in Game Theory and Mechanism Design Spring 2014 by Aaron Roth (Penn)
• Fairness: CS 294: Fairness in Machine Learning (UC Berkeley, Moritz Hardt)
• ML: Privacy Preserving Machine Learning Spring 2022 by Aurelien Bellet (Inria)

Books

Cryptography & MPC

• The Joy of Cryptography
• A Pragmatic Introduction to Secure Multi-Party Computation
• A Graduate Course in Applied Cryptography
• Handbook of Applied Cryptography

Privacy-enhancing technologies (DP, anonymization)

• The Algorithmic Foundations of Differential Privacy
• Differential Privacy: From Theory to Practice
• The Complexity of Differential Privacy
• Differential Privacy: A Primer for a Non-Technical Audience
• Protecting Your Privacy In A Data-driven World
• Differential Privacy for Databases