
Mitrou Lilian
Professor
l.mitrou@aegean.gr
00302273082250
Information/Internet Law - Privacy and Data Protection
Dr. Lilian Mitrou is Professor at the University of the Aegean, Greece (Department of Information and Communication Systems Engineering) and Visiting Professor at the Athens University of Economics, the University of Piraeus and the Harokopeion University (Postgraduate Studies Program). She teaches information law and data protection law. L. Mitrou holds a PhD in Data Protection (University of Frankfurt, Germany). Her thesis concerned the institutional control of data processing and, more specifically, the Data Protection Models and Authorities in the Federal Republic of Germany and France. She served as a Member of the Hellenic Data Protection Authority (1999-2003). From 1998 until 2004 she was the national representative in the EC Committee on the Protection of Individuals with regard to the Processing of Personal Data. She has served and still serves as a member of many Committees working on law proposals in the fields of privacy and data protection, communications law, e-government etc. During the Greek Presidency of the Council of the EU (2014) she served as Chair of DAPIX (Working Group on Information Exchange and Data Protection), and since June 2016 she has been Chair of the Draft Committee on the adaptation of Greek law to the General Data Protection Regulation (2016/679/EU) and the Data Protection Directive (2016/680/EU). Since November 2016 she has been a member of the Greek National Council for Radio and Television (NCRTV). She is President of the Institute for Privacy Law, Data Protection and Technology at the European Public Law Organisation (EPLO). Her professional experience includes senior consulting and researcher positions in a number of private and public institutions and projects at national and international level. Her research interests include: Privacy and Data Protection, eGovernment services, Internet Law, Digital Forensics, Responsible Research and Innovation. L. Mitrou has published books, chapters in books and many journal and conference papers (in English, German and Greek).
Research Interests
Her Research Interests include: Privacy, Data Protection, Artificial Intelligence, Access to Information, Electronic Democracy, e-government, e-voting, Internet Law, Electronic Communications Law, Intellectual Property
Teaching Activities
Information Law
Privacy and Data Protection Law
Regulatory and social issues in Information Society
Administrative Activities
MEMBER OF THE UNIVERSITY'S COUNCIL (2012-)
R&D Activities - National
Selected Regulatory projects (National)
Ministry of Justice
Member of the Preparatory Committee working on the draft-law on the electronic surveillance of accused and convicted persons (2012)
Member of the Preparatory Committee working on the transposition of Directive 2009/136/EC (part concerning the amendment of Directive 2002/58/EC) – Law 4070/2012
Member of the Preparatory Committee at the Ministry of Justice, working on the transposition of Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.
Member of the Preparatory Committee at the Ministry of Justice, working on the transposition of the Directive 2006/24/EC (Data Retention Directive) – Law 3917/11
Member of the Preparatory Committee working on the transposition of the Directive 2002/58/EC on privacy in electronic communications – Law 3471/06
Member of the Preparatory Committee working on the transposition of the Directive 97/66/EC on privacy in the telecommunications sector – Law 2774/99
Member of the Preparatory Committee working on the transposition of the Directive 95/46/EC (Data Protection Directive) – Law 2472/97
Ministry of Interior, Decentralisation and Electronic Government
Study-Drafting of Law 3979/11 on Electronic Government
Study-Drafting of Law 3861/2010 on the Publication of State authorities and bodies Decisions on the Internet.
Ministry of Transports, Infrastructure and Networks
President of the Regulatory Committee working on the drafting of a National Electronic Communications Security Plan
Ministry of Labour and Social Insurance
Study-Drafting of Law 3892/2010 on Electronic Prescriptions
Greek Presidency of the European Union 2003
Public Key Infrastructure Services in the Public Sector of the European Union Member States
Greek Lottery Organization Study, Design and Implementation of a Comprehensive Security Plan for the Greek Lottery S.A
Development of an integrated security and business continuity plan
Hellenic General Secretariat for Research and Technology
Hellenic Social Research Center
Public Sector Information for Research Purposes: Intellectual Property and Data Protection Issues
Cadastre S.A / Study on the Use of Cadastre Information
Drafting of a Regulation concerning the use of Cadastre Information
Ministry of Interior
General Secretary for Public Safety
Study – Assessment of regulatory framework concerning crisis and natural destructions management
Hellenic General Secretariat for Research and Technology
National Documentation Center
PERIKTIONI - Mapping the Feminine Research Work Force
Information Society S.A.
The Greek e-Government Digital Authentication framework
Ministry of Public Administration – European Public Law Organisation
Legal framework for e-government services
E-Government
Educational Programs on legal issues of e-government for Cypriot Public Administration
Ministry of Interior and Public Administration Internet voting and online public consultation
Hellenic Telecommunications and Post Commission
Evaluation of the Greek Qualified Digital Certificate Providers
Hellenic General Secretariat for Research and Technology
Hellenic Social Research Center
National Research Network and Participation to the development of the European Research Infrastructure CESSDA_RI - So.Da.Net (Social Sciences and Humanities)
Hellenic General Secretariat for Research and Technology
Greek Research and Technology Network
Intellectual Property Issues in relation to Digital Content for educational purposes
Ministry of Interior, Decentralisation and Electronic Government
Study concerning Public Disclosure of the names of accused/convicted persons and debtors
Republic of Cyprus National Public Administration Academy
E-Government -Training
Greek General Secretariat for Research and Technology
SPHINX
VOIP: Distinction between Humans and Machine through interactive audio means
Ministry of Interior, Decentralisation and Electronic Government
Digital Agenda – Comparative Study on digital market, impacts on society and international aspects of Digital Agenda
Revision of the Cyprus Government Information Systems Security Strategy
Development of a Government Security Policy
R&D Activities - International
• FP7 CA RESPONSIBILITY - Global Model and Observatory for International Responsible Research and Innovation Coordination, 02/13-01/16
• FP 7 SE PACT - Public Perception of Security and Privacy: Assessing knowledge, collecting evidence, translating research into action, 1/2011-12/2013
• EU – 7th Framework Programme - ICT for Health 2-5-3 –Virtual Physiological Human, Road mapping technology for enhancing security to protect medical & genetic data (RADICAL), 2008-2010
• EU - Fundamental Rights Agency - Report: Thematic Legal Study on assessment of data protection measures and relevant institutions in Greece (2008-2009)
• European Commission Directorate – General Justice, Freedom and Security, Comparative study on different approaches to new privacy challenges, in particular in the light of technological developments (2008-2009)
• EU - SME Programme, SPIDER (Spam over Internet Telephony Detection Services), Coordinator for Workpackage 6: Legal and Ethical Issues (mainly data protection and communication secrecy issues), 2006-2008
• Project “Assistance to the Ministry of Justice in Bosnia and Herzegovina in internal organization and improvements of administrative capacity to undertake European Integration tasks” - Legal expertise and policy advice in the sector of Data Protection – Third Pillar (2006)
• Expertise for the Council of Europe - Direction of Legal Issues - Depts. of Data Protection /Electronic Democracy - Expertise on data protection draft laws and access to information draft laws of Central and East European Countries and new EU members, Council of Europe, (1999- 2004)
• EU-Information Society DG, IST Programme 2000-29518 "e-VOTE: An Internet Based Electronic Voting System", University of the Aegean (2001-2003)
• Project “Support to the Regulatory Reforms in Albania” - Legal expertise and policy advice on regulatory reform in the field of data protection and electronic governance (2001)
• Project “Scientific Cooperation in the Field of Regulatory Reforms in FYROM” - Legal expertise and policy advice on regulatory reform in the field of data protection and electronic governance (2001)
• National Correspondent of the Leuven University (Faculty of Law - Interdisciplinary Centre for Law and Information Technology) - Project: Legal Aspects of Digital Signatures (1997-1998)
• National Correspondent of the Leuven University (Faculty of Law - Interdisciplinary Centre for Law and Information Technology) - Project: IDA- Legal Aspects of Interchange of Data between Administrations (1996)
• Assistance to the Ministry of Justice in Bosnia and Herzegovina in internal organization and improvements of administrative capacity to undertake European Integration tasks – Sector Data Protection – Third Pillar, Centre of European Constitutional Law, (2006)
• Expert for the project “Support to the Regulatory Reforms in Albania”, Centre of European Constitutional Law, (2001)
• Expert for the project “Scientific Cooperation in the Field of Regulatory Reforms, Greece – f.Y.R.O.Macedonia”, Centre of European Constitutional Law, (2001)
Scientific And Professional Organizations Membership
President of the Institute of Privacy Law, Data Protection and Technology established at the European Public Law Organisation
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Journals
Purpose – The purpose of this paper is to examine how the introduction of new communication channels facilitates interactive information sharing and collaboration between various actors over social networking services and how social networking fits in the existing European legal framework on data protection. The paper also aims to discuss some specific data protection issues, focusing on the role of the relevant actors, using the example of photo tagging. Design/methodology/approach – Privacy in social networks is one of the main concerns for providers and users. This paper examines the role of the main actors in social networking, i.e. the providers and the users, scrutinised under the light of the European data protection legislation. Specifically, how social networking service providers deal with users' privacy and how users handle their personal information, if this manipulation is complied with the respective legislation and how “tagging”, one of the most familiar services provided by the social networking providers, may cause privacy risks. Findings – Social networking is one of the most remarkable cultural phenomena that has blossomed in the Web 2.0 era. They enable the connection of users and they facilitate the exchange of information among them. However, the users reveal vast amounts of personal information over social networking services, without realising the privacy and security risks arising from their actions. The European data protection legislation could be used as a means for protecting the users against the unlawful processing of their personal information, although a number of problems arise regarding its applicability. Originality/value – The paper discusses some privacy concerns involved in social networks and examines how social networking service providers and users deal with personal information with regard to the European data protection legislation.
This paper addresses the controversy between employees' right to privacy and employers' need to safeguard organizational resources by employing monitoring tools. It shows how organizations can formulate use policies, by applying basic principles for fair and lawful monitoring. A list of key points is presented, which organizations should take into account, for developing such policies. Finally, the paper explores how widely accepted information security standards, such as the ISO 17799, can aid the attempt to address this controversy.
Purpose – This paper seeks to provide an overview of the major technical, organizational and legal issues pertaining to the outsourcing of IS/IT security services. Design/methodology/approach – The paper uses a combined socio-technical approach to explore the different aspects of IS/IT security outsourcing and suggests a framework for accommodating security and privacy requirements that arise in outsourcing arrangements. Findings – Data protection requirements are a decisive factor for IS/IT security outsourcing, not only because they pose restrictions to management, but also because security and privacy concerns are commonly cited among the most important concerns prohibiting organizations from IS/IT outsourcing. New emerging trends such as outsourcing in third countries, pose significant new issues, with regard to meeting data protection requirements. Originality/value – The paper illustrates the reasons for which the outsourcing of IS/IT security needs to be examined under a different perspective from traditional IS/IT outsourcing. It focuses on the specific issue of personal data protection requirements that must be accommodated, according to the European Union directive.
Purpose – The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation can be technically achieved. Design/methodology/approach – Proposes a technical framework for establishing a signature revocation mechanism based on special data structures, the signature revocation tokens (SRT), and investigates the alternatives for disseminating the signature status information (SSI) to the relying parties. Findings – A relying party has to take into consideration the possible existence of a signature revocation, in order to decide on the validity of a digital signature. A scheme based on a central public repository for the archival and distribution of signature revocation tokens exhibits significant advantages against other alternatives. Originality/value – Identifies various intrinsic problems of the digital signature creation process that raise several questions on whether the signer performs a conscious and wilful act, although he/she is held liable for this action. The law faces the eventual right of the signer to claim a revocation of a previously made declaration of will, especially in cases of an error, fraud
Conferences
Traditionally public decision-makers have been given discretion in many of the decisions they have to make in how to comply with legislation and policies. In this way, the context and specific circumstances can be taken into account when making decisions. This enables more acceptable solutions, but at the same time, discretion might result in treating individuals differently. With the advance of AI-based decisions, the role of the decision-makers is changing. The automation might result in fully automated decisions, humans in-the-loop or AI might only be used as recommender systems in which humans have the discretion to deviate from the suggested decision. The predictability of and the accountability of the decisions might vary in these circumstances, although humans always remain accountable. Hence, there is a need for human-control and the decision-makers should be given sufficient authority to control the system and deal with undesired outcomes. In this direction this paper analyzes the degree of discretion and human control needed in AI-driven decision-making in government. Our analysis is based on the legal requirements set/posed to the administration, by the extensive legal frameworks that have been created for its operation, concerning the rule of law, the fairness – non-discrimination, the justifiability and accountability, and the certainty/ predictability.
The rapid growth of Information and Communication Technologies emerges deep concerns on how data mining techniques and intelligent systems parse, analyze and manage enormous amount of data. Due to sensitive information contained within, data can be exploited by potential aggressors. Previous research has shown the most accurate approach to acquire knowledge from data while simultaneously preserving privacy is the exploitation of cryptography. In this paper we introduce an extension of a privacy preserving data mining algorithm designed and developed for both horizontally and vertically partitioned databases. The proposed algorithm exploits the multi-candidate election schema and its capabilities to build a privacy preserving Tree Augmented Naive Bayesian classifier. Security analysis and experimental results ensure the preservation of private data throughout mining processes.
Cloud Computing (CC) is a promising next-generation computing paradigm providing network and computing resources on demand via the web. The cloud market is still in its infancy and all major issues, ranging from interoperability and standardization, to legislation and SLA contracts are still wide open. However, the main obstacle for a more catholic acceptance of the cloud model is security. In the CC model, the client has limited control over her data and computations as she outsources everything to the cloud provider. This basic CC feature influences several security related areas.
Privacy preserving analysis of a social network aims at a better understanding of the network and its behavior, while at the same time protecting the privacy of its individuals. We propose an anonymization method for weighted graphs, i.e., for social networks where the strengths of links are important. This is in contrast with many previous studies which only consider unweighted graphs. Weights can be essential for social network analysis, but they pose new challenges to privacy preserving network analysis. In this paper, we mainly consider prevention of identity disclosure, but we also touch on edge and edge weight disclosure in weighted graphs. We propose a method that provides k-anonymity of nodes against attacks where the adversary has information about the structure of the network, including its edge weights. The method is efficient, and it has been evaluated in terms of privacy and utility on real world datasets.
Technological and social phenomena like cloud computing, behavioural advertising, online social networks as well as globalisation (of data flows) have profoundly transformed the way in which personal data are processed and used. This paper discusses the efficiency of the legislation in force and the impact of PETs and the concept of privacy by design on the enforcement of data protection rules. By recognizing the need to update the data protection regulation as a result of current technological trends that threaten to erode core principles of data protection, the paper addresses the question if the Draft-Regulation presents an adequate and efficient response to the challenges that technological changes pose to regulators. In this context the paper focuses on the right to be forgotten as a comprehensive set of existing and new rules to better cope with privacy risks online in the age of “perfect remembering” and how persistency and high availability of information limit the right of individuals to be forgotten. The paper deals with both the normative and the technical instruments and requirements so as to ensure that personal information will not be permanently retained.
The evolution of new technologies and the spread of the Internet have led to the exchange and elaboration of massive amounts of data. Simultaneously, intelligent systems that parse and analyze patterns within data are gaining popularity. Many of these data contain sensitive information, a fact that leads to serious concerns on how such data should be managed and used from data mining techniques. Extracting knowledge from statistical databases is an essential step towards deploying intelligent systems that assist in making decisions, but also must preserve the privacy of parties involved. In this paper, we present a novel privacy preserving data mining algorithm from statistical databases that are horizontally partitioned. The novelty lies to the multi-candidate election schema and its capabilities of being a basic foundation for a privacy preserving Tree Augmented Naïve Bayesian (TAN) classifier, in order to obviate disclosure of personal information.
It is widely accepted that electronic Government environments have caused a complete transformation of the way individuals, businesses and governmental agencies interact with central government. However, the acceptance and success of e-Government services largely depend on the level of trust and confidence developed by the users to the provided services and the overall system security. Thus the employment of the appropriate authentication framework is a crucial factor. This paper focuses on the way to determine the appropriate trust level of an electronic service. Specifically, it provides guidelines according to the data required for a transaction, as well as to the available authentication and registration mechanisms. Moreover, a Single Sign-On architecture is proposed, supporting a uniform authentication procedure that depends on the level of trust required by the service. In the aforementioned research work specific requirements and limitations for Greece have been taken into account.
This paper provides a combined approach on the major issues pertaining to the investigation of cyber crimes and the deployment of Internet forensics techniques. It discusses major issues from a technical and legal perspective and provides general directions on how these issues can be tackled. The paper also discusses the implications of data mining techniques and the issue of privacy protection with regard to the use of forensics methods.