Skip to main content


We look to detect, measure, and mitigate sensitive information leakage in various scenarios including data publishing, internet of things, mobile and cloud applications, and training machine learning algorithms.

In order to support data-driven innovation, we need to record, collect, share and process vast amounts of data. That data, however, are frequently sensitive.

Therefore, when handling them, there is a risk that sensitive information about individuals and organisations will leak, causing emotional distress, reputational damage, disclosure of trade secrets and financial repercussions.

Our research involves the detection of information and data leakage risks in modern systems, recording and quantifying the leakage, and mitigating it with appropriate techniques (such as data obfuscation).


  • Elicit privacy requirements from stakeholders (individuals, organisations with large data collections).
  • Detect privacy leakage in existing systems.
  • Develop practical sociotechnical solutions for preserving privacy without degrading data/application quality.
  • Disseminate and deploy privacy solutions and recommendations to influence policy and innovation.
  • Inter-disciplinary collaboration on human, social, legal, and business aspects of privacy.
  • Provide advice on creating and developing systems that are private by design.


The focus of our research is on the following topics:

  • Privacy-preserving data publishing, including the generation of synthetic data with differential privacy guarantees.
  • Privacy for machine learning algorithms.
  • Privacy for internet of things devices and applications.


Recent and ongoing projects:

Privacy-Aware Cloud Ecosystems (PACE)

This project was funded by EPSRC and led by:

With increasing take up of externally provisioned and managed services (from government, finance, entertainment), often hosted over cloud computing infrastructure, there is a realisation that online electronic services can involve an interlinked range of providers. As more people move online globally over the next decade, both opportunities and threats grow. Consider, for instance, a coffee chain that initially provided wifi services to customers, now working in collaboration with data centre providers to offer additional services to users (such as edge data storage, multimedia caching, etc).

This project addresses security and privacy requirements of such environments, where multiple cloud computing providers need to work collaboratively to offer services to a user. Users of these services only interact with a web interface rather than the larger distributed service ecosystem, and are often unfamiliar with the ecosystem of providers that are involved in offering them a particular capability. Their visibility beyond the first service provider is often missing, requiring them to trust the provider in handling and managing their data. This is a significant challenge, and often deters the use of online services (especially for data providers which are new in the market place).

We aim to improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers. We propose a technological solution in the form of a mobile software "container" that will ensure that all access instances are securely logged on a blockchain, where they can be checked for compliance against the permissions the user has given.

Meet the team

Lead researcher

Academic staff


Next steps


Research that matters

Our research makes a difference to people’s lives as we work across disciplines to tackle major challenges facing society, the economy and our environment.


Postgraduate research

Our research degrees give the opportunity to investigate a specific topic in depth among field-leading researchers.


Our research impact

Our research case studies highlight some of the areas where we deliver positive research impact.