Course Overview

The class is a seminar course on human-centered privacy design and systems. In this class, we will explore the topic of designing and developing privacy-aware digital systems by providing an overview of technical, design, and legal perspectives. Students will learn theoretical frameworks of privacy, privacy design principles, privacy laws, and privacy-enhancing technologies. We will also cover user research methods that are useful for designing and evaluating digital systems that are aware of and respectful to users’ privacy preferences, informed by their lived experiences. In the latter part of this course, we will discuss special topics in human-centered privacy design and system building, including the privacy implications of emerging technologies (e.g., LLM, XR), inclusive privacy design challenges, and engineering support for privacy by design.

Learning Objectives

Privacy issues are becoming a primary concern in the increasingly connected and data-intensive world. This course aims to equip students with the skills and knowledge to manage privacy issues responsibly as researchers and practitioners. Specifically, by taking this course, you are expected to gain:

• Systematic and human-centered approaches to analyzing privacy challenges in digital systems and emerging technologies.
• A skill set for proposing practical solutions to privacy challenges using a combination of human-centered design and technical system building.
• The ability to appreciate, critique, and conduct research at the intersection of HCI and privacy.

Administrivia

Classroom: West Village H (WVH) 166
Time: Monday and Wednesday 2:50-4:30pm
Instructor: Tianshi Li
Office: 177 Huntington Ave, 505
Office Hours: Wednesday 1-2pm

Grading

• 20% Class Participation
• 20% Reading Commentaries
• 20% Discussion Lead
• 40% Project, including
  • 5% Project proposal (Due: Sep 25)
  • 10% Mid-term Presentation
  • 15% Final presentation
  • 10% Final project report

Schedule

Note: The class schedule is tentative and subject to change! Please check the online schedule frequently.

Week	Topic	Date	Activity	Reading List
Week 1	Introduction	Sep 2 (Labor day, no class)		N/A
		Sep 4	Lecture
Week 2	Key concepts in privacy	Sep 9	Lecture	The Slow Violence of Surveillance Capitalism (FAccT 2023) Deepfakes, Phrenology, Surveillance, and More! A Taxonomy of AI Privacy Risks PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action
		Sep 11	Discussion
Week 3	Foundations of human-centered privacy	Sep 16	Lecture	“My Data Just Goes Everywhere:” User Mental Models of the Internet and Implications for Privacy and Security Privacy and human behavior in the age of information Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing (UbiComp 2012)
		Sep 18	Discussion
Week 4	Privacy and Compliance	Sep 23	Lecture	Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts (CHI 2021) Understanding Dark Patterns in Home IoT Devices (CHI 2023) Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies (PETS 2024)
		Sep 25	Discussion
Week 5	Privacy Design Principles	Sep 30	Lecture	A Design Space for Effective Privacy Notices (SOUPS 2015) Automating Contextual Privacy Policies: Design and Evaluation of a Production Tool for Digital Consumer Privacy Awareness (CHI 2022) “I’m not convinced that they don’t collect more than is necessary”: User-Controlled Data Minimization Design in Search Engines (USENIX Security 2024)
		Oct 2	Discussion
Week 6	Privacy-Enhancing Technologies	Oct 7	Guest Lecture (Speaker: Dr. Jayshree Sarathy)	"I need a better description'': An Investigation Into User Expectations For Differential Privacy (CCS 2021) Don’t Look at the Data! How Differential Privacy Reconfigures the Practices of Data Science (CHI 2023) Image DePO: Towards Gradual Decentralization of Online Social Networks using Decentralized Privacy Overlays (CSCW 2022)
		Oct 9	Discussion
Week 7	AI Privacy	Oct 14 (Indigenous Peoples’ Day, no class)		Human-Centered Privacy Research in the Age of Large Language Models
		Oct 16	Guest Lecture (Speaker: Ken Liu)
Week 8	AI privacy (LLM)	Oct 21	Lecture	“It’s a Fair Game”, or Is It? Examining How Users Navigate Disclosure Risks and Benefits When Using LLM-Based Conversational Agents (CHI 2024) What Does it Mean for a Language Model to Preserve Privacy? (FAccT 2022) Beyond Memorization: Violating Privacy Via Inference with Large Language Models
		Oct 23	Discussion
Week 9	AI Privacy (Multimodal)	Oct 28	Mid-term Project Presentation	Granular Privacy Control for Geolocation with Vision Language Models CONFIDANT: A Privacy Controller for Social Robots (HRI 2022) Iteratively Prompting Multimodal LLMs to Reproduce Natural and AI-Generated Images (COLM 2024)
		Oct 30	Discussion
Week 10	XR and Privacy	Nov 4	Lecture	Security and Privacy for Augmented Reality: Our 10-Year Retrospective Going Incognito in the Metaverse: Achieving Theoretically Optimal Privacy-Usability Tradeoffs in VR (UIST 2023) When the User Is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented Reality (USENIX Security 2024)
		Nov 6	Discussion
Week 11	Inclusive Privacy	Nov 11 (Veterans Day, no class)		Designing Accessible Obfuscation Support for Blind Individuals’ Visual Privacy Management (CHI 2024) “If sighted people know, I should be able to know:” Privacy Perceptions of Bystanders with Visual Impairments around Camera-based Technology (USENIX Security 2023) “A Stalker's Paradise”: How Intimate Partner Abusers Exploit Technology (CHI 2018)
		Nov 13	Lecture
Week 12	Designers and developers	Nov 18	Lecture	How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit (CSCW 2021) "I Don't Know If We're Doing Good. I Don't Know If We're Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI Products (USENIX Security 2024) Farsight: Fostering Responsible AI Awareness During AI Application Prototyping (CHI 2024)
		Nov 20	Discussion
Week 13	Inclusive Privacy (discussion)	Nov 25	Discussion	Discussing the readings in Week 11
		Nov 27 (Fall break, no class)
Week 14	Wrap-up & Recap	Dec 2	Final presentation	N/A
		Dec 4	Lecture

Additional reading

• “A Taxonomy of Privacy” by Daniel J. Solove
• “Privacy Harms” by Danille Keats Citron and Daniel J. Solove
• Redesigning Privacy with User Feedback: The Case of Zoom Attendee Attention Tracking
• Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems
• Is There a Reverse Privacy Paradox? An Exploratory Analysis of Gaps Between Privacy Perspectives and Privacy-Seeking Behaviors
• The myth of the privacy paradox
• A Design Space for Effective Privacy Notices (SOUPS 2015)
• Ask the Experts: What Should Be on an IoT Privacy and Security Label? (S&P 2020)
• How Usable Are iOS App Privacy Labels?
• Understanding Challenges for Developers to Create Accurate Privacy Nutrition Labels
• CONFIDANT: A Privacy Controller for Social Robots
• End-User Privacy in Human–Computer Interaction
• Privacy Norms for Smart Home Personal Assistants
• Towards Understanding Differential Privacy: When Do People Trust Randomized Response Technique? (CHI 2017)
• Taxonomy of Risks posed by Language Models
• The Ethics of Advanced AI Assistants
• Obfuscation: A User’s Guide for Privacy and Protest
• CHKPLUG: Checking GDPR Compliance of WordPress Plugins via Cross-language Code Property Graph (NDSS 2023)
• Privacy-Enhancing Technology and Everyday Augmented Reality: Understanding Bystanders’ Varying Needs for Awareness and Consent
• Privacy as Trust: Information Privacy for an Information Age
• Privacy in Context: Technology, Policy, and the Integrity of Social Life
• Understanding Privacy-Related Advice on Stack Overflow
• Bringing Design to the Privacy Table: Broadening “Design” in “Privacy by Design” Through the Lens of HCI
• Honeysuckle: Annotation-Guided Code Generation of In-App Privacy Notices (UbiComp 2021)