Two weeks ago I was on a trip to Spain as guest lecturer at a Spanish university, University of Valladolid, which happens to be as well my alma mater 🙂
The invitation came as part of the framework of the Erasmus+ program in which this university participates and heavily promotes at all levels (i.e., students, academics and staff).
The idea of the program is to promote the reception of professionals from other countries of the European Higher Education Area (EHEA) within the framework of the Erasmus+ program. And the goal is to get the students of the University of Valladolid to receive teaching from the perspective of a professional in their area of knowledge from other European countries.
My involvement was on a couple of courses taught at the computer science engineering school: one course that discusses the role of the future computer science professional in its daily work and in the frame of society, and another course more focused on computer security (i.e., software security, cryptography, privacy, etc…).
So… what did I do then in those two courses? I decided to discuss a couple of topics, one being the General Data Protection Regulation (GDPR) implementation at Bonnier Broadcasting and the perception of privacy and transparency in Sweden, and the other one about the analysis and design of privacy-preserving protocols.
For the first topic, GDPR at Bonnier Broadcasting, I focused on how transparency is the basis for many things in Swedish society and how that drives and reflects in enterprises and the contractual relations with their customers. At Bonnier Broadcasting, we have recently worked on the development of a user data portal that allows our customers to exercise their rights in a user-friendly and automated manner, the latter particularly important for us due to the volume of data we process every second.
In Sweden, openness is part of society and daily life (e.g., Sweden was one of the very first countries to include freedom of the press in its constitution), and that reflects in the way of working and business. In Spain, such openness is not that explicit in many cases and certain aspects are considered part of the private realm (e.g., fiscal information is heavily protected as personal information in Spain as opposed to Sweden where it is available to anyone).
There is no right or wrong here, it is just different cultures and societies that even with the same legal framework (GDPR), the actual implementation and translation may differ slightly. And this was one of my goals when presenting this topic framed with an actual depiction of the implementation of the GDPR regulation by a Swedish company in the media sector. The other goal was the more technical one where I showed how we collect, store and process customers’ information in our data platform, and how we make such information available for customers to exercise their rights, specially, when it comes to the ”right to be forgotten”, which poses some technical challenges in the large-scale scenario that we have at Bonnier Broadcasting.
For the second topic, privacy-preserving protocols, I did focus on explaining how one designs privacy-preserving protocols with current cryptographic tools without having to develop newer cryptography (which is an extremely hard although exciting line of work!). An example of one of those protocols could be organising an event in a decentralised online social network scenario (e.g., think of creating an event for your birthday in Facebook… without having that Facebook to rely on for the details of the event, who you invite, etc…).
This part is more related to the prior work I have done as researcher at KTH Royal Institute of Technology that while not directly related to what I work with these days at Bonnier Broadcasting there are many things that influence not only what I do but also how I approach problems together with my colleagues.
For example, data minimisation is an important ‘feature’ of any privacy-preserving protocol and any enterprise should aim at collecting exclusively what it is needed and no more – getting back to GDPR… the regulation itself talks precisely about collecting data for which there is an adequate and relevant reason to do so, but reasons can be found if one wants. Only the data that is really needed, i.e., used, should be collected and processed in a protocol. Reducing the amount of data processed, reduces as well the amount of information that can be inferred should there ever be any leak. Even without an actual leak, information that today cannot be derived, can do so in the future as new data sources are available and processed together with this data.
Overall, the students were quite interested in the topics, at least, if we measure it based on attendance to the lectures 🙂
The experience has been very enriching for myself and I hope for the students too. On a side note, I also realised how culture influences the relation between lecturer and student. I have been myself student in both Spain and Sweden, but until these lectures, I have only been on the ”other side” in Sweden. In Sweden there is a lower threshold between student and lecturer (e.g., the students are more prone to engage with the lecturer at any time) while in Spain there is still some implicit boundary between students and lecturer (e.g., the students are equally attentive but less prone to questions or participation in the classroom).
I believe this gap is more a matter of the educational system because Spain started later than Sweden the harmonisation of the studies and way of teaching and learning in the so called Bologna Process.
While this program is very unique to this university (they said it is the first time some university in the EHEA carries out such type of exchange within the Erasmus+ program) I hope that more universities get on board and try it out. I believe that it is quite important the collaboration between academia and the private sector, not only because the private sector feeds on skilled workers that usually come with some higher education degree but also because there are many more synergies that the ones we can think of.
For example, internships of students on topics that are related to their studies and that are relevant for the enterprise are an easy way for the students to get their feet on the job market and see how work life can be. Moreover, enterprises can also try problems that they don’t consider a priority for the business or simply experimental and potentially find future employees.
At the same time, with the professional experience gained at enterprises, enterprises return to society something else than their legal obligations (e.g., taxes). We should not forget that access to knowledge is a universal human right.
Over and out!
PS: Most of the things I talked to are the result of the collaborative work of a lot of people, in particular, some of my current and prior colleagues at the data team at Bonnier Broadcasting (Kristoffer Adwent, Gustav Byberg, Erik Ferm, Ilyass Garara, Marcus Olsson and Maryam Olyaei) and at KTH Royal Institute of Technology.