Carnegie Mellon University
Center for Executive Education in Technology Policy (CEE-TP)  ›  ict-courses  ›  Digital and online privacy for policy makers

Digital and online privacy for policy makers

Co-Instructors:

  • Pam Dixon, Founder and Executive Director of the World Privacy Forum, and co-chair United Nations Statistics Data Governance Committee
  • Aleecia McDonald, Carnegie Mellon University Professor and former Chair of W3C Do-Not-Track standards committee
  • Frederik Zuiderveen Borgesius, Professor of ICT and Law at Radboud University, The Netherlands

This course begins with an overview of privacy thought and global legal and policy frameworks. The course covers the history and thinking that underlies many approaches to privacy, including background on early privacy thought, including the Fair Information Practice Principles (FIPPs) and Privacy by Design (PbD). This section also covers an overview of regional differences and similarities in privacy frameworks and policies, as well as an update on modern trends and issues in privacy and data governance. The next portion of the course covers the legislative history that brought the GDPR into being.  Many national laws mirror European laws, particularly building upon the General Data Protection Regulation (GDPR). Emphasis is on current legal requirements, particularly the European version of the FIPPS, the possible legal bases for processing data, including consent, and the regulation of online marketing.  The final portion of this course addresses approaches to privacy within companies through technical means and frameworks, including LINDDUN and the Global Privacy Control (GPC) to help contextualize corporate fears of “breaking the Internet” with privacy laws. It concludes with a selection of prior attempts to address privacy that have thus far not worked in practice, to avoid repeating mistakes of the past.

  • This course is intended for people involved in ICT in policy, law, or technology. Because privacy affects so many different aspects of modern life, the course is designed to be broadly applicable.
  • Upon completing the course, participants will have a greater understanding of how national privacy laws fit together and the logic that underpins them.
  • Basic legal or technical understanding, particularly of how the Internet works, is helpful for context. However, there are no knowledge prerequisites.