Mitrou Lilian
Professor

l.mitrou@aegean.gr

00302273082250

Information/Internet Law - Privacy and Data Protection


Dr. Lilian Mitrou is Professor at the University of the Aegean-Greece (Department of Information and Communication Systems Engineering) and Visiting  Professor at the Athens University of Economics, the University of Piraeus and the Harokopeion University (Postgraduate Studies Program). She teaches information law and data protection law. L. Mitrou holds a PhD in Data Protection (University of Frankfurt-Germany). Her thesis concerned the  institutional control of data processing and more specifically the Data Protection Models and Authorities in the Federal Republic of Germany and France. She has served as a Member of the Hellenic Data Protection Authority (1999-2003). From 1998 till 2004 she was the national representative in the EC- Committee on the Protection of Individuals with regard to the Processing of Personal Data. She served and still serves as member of many Committees working on law proposals in the fields of privacy and data protection, communications law, e-government etc.  . During the Greek Presidency of the Council of EU (2014) she has served as Chair of DAPIX (Working Group on Information Exchange and Data Protection) and since June 2016 she is Chair of the Draft Committee on the adaptation of Greek law to the General Data Protection Regulation (2016/679/EU) and the Data Protection Directive (2016/680/EU). Since November 2016 she is member of the Greek National Council for Radio and Television (NCRTV). She is President of the Institute for Privacy Law, Data Protection and Technology at the European Public Law Organisation (EPLO)> Her professional experience includes senior consulting and researcher positions in a number of private and public institutions and projects on national and international level. Her research interests include: Privacy and Data Protection, eGovernment services, Internet Law, Digital Forensics, Responsible Research and Innovation. L. Mitrou published books, chapters in books and many journal and conference papers (in English, German and Greek).

Research Interests

Her Research Interests include: Privacy, Data Protection, Artificial Intelligence, Access to Information, Electronic Democracy, e-government, e-voting, Internet Law, Electronic Communications Law, Intellectual Property

Teaching Activities

 Information Law

Privacy and Data Protection Law

Regulatory and social issues in Information Society

 

 

Administrative Activities

ΜΈΛΟΣ ΣΥΜΒΟΥΛΙΟΥ ΙΔΡΥΜΑΤΟΣ (2012- )

ΜEMBER OF THE UNIVERSITY'S COUNCIL (2012-)

R&D Activities - National

 

Selected Regulatory projects (National)

Ministry of Justice

Member of the Preparatory Committee working on the draft-law on the electronic
surveillance of accused and convicted persons (2012)

Member of the Preparatory Committee working on the transposition of
Directive 2009/136/EC (part concerning the amendment of Directive 2002/58/EC) –
Law 4070/2012

Member of the Preparatory Committee at the Ministry of Justice, working on the
transposition of Council Framework Decision 2008/977/JHA of 27 November 2008
on the protection of personal data processed in the framework of police and judicial
cooperation in criminal matters.

Member of the Preparatory Committee at the Ministry of Justice, working on the
transposition of the Directive 2006/24/EC (Data Retention Directive)- Law 3917/11

Member of the Preparatory Committee working on the transposition
of the Directive 2002/58/EC on privacy in electronic communications –Law 3471/06

Member of the Preparatory Committee working on the transposition
of the Directive 97/66/EC on privacy in the telecommunications sector – Law 2774/99

Member of the Preparatory Committee working on the transposition
of the Directive 95/46/EC (Data Protection Directive)- Law 2472/97

Ministry of Interior, Decentralisation and Electronic Government

Study-Drafting of Law 3979/11 on Electronic Government

Study-Drafting of Law 3861/2010 on the Publication of State authorities and bodies Decisions on the Internet.

Ministry of Transports, Infrastructure and Networks

President of the Regulatory Committee working on the drafting of a National Electronic Communications Security Plan

Ministry of Labour and Social Insurance

Study-Drafting of Law 3892/2010 on Electronic Prescriptions
 

 

Selected Regulatory projects (National)

Ministry of Justice

Member of the Preparatory Committee working on the draft-law on the electronic
surveillance of accused and convicted persons (2012)

Member of the Preparatory Committee working on the transposition of
Directive 2009/136/EC (part concerning the amendment of Directive 2002/58/EC) –
Law 4070/2012

Member of the Preparatory Committee at the Ministry of Justice, working on the
transposition of Council Framework Decision 2008/977/JHA of 27 November 2008
on the protection of personal data processed in the framework of police and judicial
cooperation in criminal matters.

Member of the Preparatory Committee at the Ministry of Justice, working on the
transposition of the Directive 2006/24/EC (Data Retention Directive)- Law 3917/11

Member of the Preparatory Committee working on the transposition
of the Directive 2002/58/EC on privacy in electronic communications –Law 3471/06

Member of the Preparatory Committee working on the transposition
of the Directive 97/66/EC on privacy in the telecommunications sector – Law 2774/99

Member of the Preparatory Committee working on the transposition
of the Directive 95/46/EC (Data Protection Directive)- Law 2472/97

Ministry of Interior, Decentralisation and Electronic Government

Study-Drafting of Law 3979/11 on Electronic Government

Study-Drafting of Law 3861/2010 on the Publication of State authorities and bodies Decisions on the Internet.

Ministry of Transports, Infrastructure and Networks

President of the Regulatory Committee working on the drafting of a National Electronic Communications Security Plan

Ministry of Labour and Social Insurance

Study-Drafting of Law 3892/2010 on Electronic Prescriptions

Greek Presidency of the European Union 2003
Public Key Infrastructure Services in the Public Sector of the European Union Member States


Greek Lottery Organization Study, Design and Implementation of a Comprehensive Security Plan for the Greek Lottery S.A
Development of an integrated security and business continuity plan
Hellenic General Secretariat for Research and Technology
Hellenic Social Research Center
Public Sector Information for Research
Purposes:
Intellectual Property and Data Protection Issues

Cadastre S.A/ Study on the Use of Cadastre
Information
Drafting of a Regulation concerning the use of Cadastre Information
Ministry of Interior
General Secretary for Public Safety

Study – Assessment of regulatory framework concerning crisis and natural destructions management
Hellenic General Secretariat for Research and Technology

National Documentation Center
PERIKTIONI - Mapping the Feminine Research Work Force
Information Society S.A.
The Greek e-Government Digital Authentication framework

Ministry of Public Administration –
European Public Law Organisation
Legal framework for
e-government services


E-Government
Educational Programs on legal issues of e-government for Cypriot Public Administration
Ministry of Interior and Public Administration Internet voting and online public consultation

Hellenic
Telecommunications
And PostCommission
Evaluation of the Greek Qualified Digital Certificate Providers

Hellenic General Secretariat for Research and Technology
Hellenic Social Research Center
National Research Network and Participation to the development of the European Research Infrastructure CESSDA_RI - So.Da.Net»
( Social Sciences and Humanities )-
Hellenic General Secretariat for Research and Technology
Greek Research
And
Technology
Network
Intellectual Property Issues in relation to Digital Content for educational purposes
Ministry of
Interior,
Decentralisation and
Electronic Government
Study concerning Public Disclosure of the names of accused/convicted persons and debtors
Republic of Cyprus National Public
Administration
Academy
E-Government -Training
Greek General Secretariat for Research and Technology

SPHINX

VOIP - : Distinction between Humans and Machine through interactive audio means
Ministry of
Interior,
Decentralisation
and
Electronic Government

Digital Agenda – Comparative Study on digital market, impacts on society and international aspects of Digital Agenda


Revision of the Cyprus Government Information Systems Security Strategy
Development of a Government Security Policy

 

 


 

 

R&D Activities - InterNational

• FP7 CA RESPONSIBILITY - Global Model and Observatory for International
Responsible Research and Innovation Coordination –-02/13-01/16
• FP 7 SE PACT - Public Perception of Security and Privacy: Assessing knowledge,
collecting evidence, translating research into action 1/2011-12/2013
• EU – 7th Framework Programme - ICT for Health 2-5-3 –Virtual Physiological Human, Road mapping technology for enhancing security to protect medical & genetic data (RADICAL), 2008-2010
• ΕU - Fundamental Rights Agency- Report Thematic Legal Study on assessment of data protection measures and relevant institutions in Greece (2008-2009)
• European Commission Directorate – General Justice, Freedom and Security, Comparative study on different approaches to new privacy challenges, in particular in the light of technological developments (2008-2009)
• EU - SME Programme, SPIDER (Spam over Internet Telephony Detection Services), Coordinator for Workpackage 6: Legal and Ethical Issues (mainly data protection and communication secrecy issues), 2006-2008
• Project “Assistance to the Ministry of Justice in Bosnia and Herzegovina in internal organization and improvements of administrative capacity to undertake European Integration tasks” - Legal expertise and policy advise in the sector of Data Protection – Third Pillar (2006)
• Expertise for the Council of Europe - Direction of Legal Issues - Depts. of Data Protection /Electronic Democracy - Expertise on data protection draft laws and access to information draft laws of Central and East European Countries and new EU members, Council of Europe, (1999- 2004)
• EU-Information Society DG, IST Programme 2000-29518 "e-VOTE: An Internet Based Electronic Voting System", University of the Aegean (2001-2003)
• Project “Support to the Regulatory Reforms in Albania” - Legal expertise and policy advise on regulatory reform in the field of data protection and electronic governance (2001)
• Project “Scientific Cooperation in the Field of Regulatory Reforms in FYROM. Legal expertise and policy advise on regulatory reform in the field of data protection and electronic governance (2001)
• National Correspondent of the Leuven University (Faculty of Law - Interdisciplinary Centre for Law and Information Technology) - Project: Legal Aspects of Digital Signatures (1997-1998)
• National Correspondent of the Leuven University (Faculty of Law - Interdisciplinary Centre for Law and Information Technology) - Project: IDA- Legal Aspects of Interchange of Data between Administrations (1996)
• Assistance to the Ministry of Justice in Bosnia and Herzegovina in internal organization and improvements of administrative capacity to undertake European Integration tasks – Sector Data Protection – Third Pillar, Centre of European Constitutional Law, (2006)
• Expert for the project “Support to the Regulatory Reforms in Albania”, Centre of European Constitutional Law, (2001)
• Expert for the project “Scientific Cooperation in the Field of Regulatory Reforms, Greece – f.Y.R.O.Macedonia”, Centre of European Constitutional Law, (2001)
 

Scientific And Professional Organizations Membership

President of the Institute of Privacy Law, Data Protection and Technology established at the European Public Law Organisation

Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


Journals

[1]
L. Mitrou, Greece: The New Data Protection Framework, (EDPL) 1/2020, pp. 107-113, European Data Protection Law Review, Vol. 6, No. 1, pp. 107-113, 2020, LEXXION, https://doi.org/10.21552/edpl/2020...
[2]
L. Mitrou, A. Vorras, Artificial Intelligence and Personal Data – A perception in the light of the European General Data Protection Regulation (ΕU) 2016/679, DIKAIO MESON ENIMEROSIS KAI EPIKOINONIAS (DIMEE), No. 4, pp. 460-466, 2018, NOMIKI VIVLIOTHIKI,
[3]
Pipyros K., Thraskias Ch. , L. Mitrou, D. Gritzalis, Apostolopoulos T., A new strategy for improving cyber-attack evaluation in the context of Tallinn Manual, Computers and Security, No. 74, pp. 371-383, 2018,
[4]
Pipyros K., L. Mitrou, Cyberattack or cyberwar?, DIMEE, No. 2, pp. 192-201, 2018
[5]
M. Kandias, L. Mitrou, V. Stavrou, D. Gritzalis, Profiling Online Social Networks Users: An Omniopticon Tool, International Journal of Social Networks Mining, Vol. 2, No. 4, 2017,
[6]
Tasidou Aimilia, Efraimidis , I. Soupionis, L. Mitrou, V. Katos, 4. Tasidou, A., Privacy-preserving, user-centric VoIP CAPTCHA challenges: An integrated solution in the SIP environment., 24(1), 2-19., Information & Computer Security, Vol. 24, No. 1, pp. 18, 2016,
[7]
Pipyros K., L. Mitrou, D. Gritzalis, Apostolopoulos T., Cyberoperations and international humanitarian law: A review of obstacles in applying international law rules in cyber warfare, Information & Computer Security, Vol. 24, No. 1, pp. 38-52, 2016,
[8]
Tsavli M., Efraimidis , V. Katos, L. Mitrou, Reengineering the user: privacy concerns about personal data on smartphones, Information and Computer Security, Vol. 23, No. 4, pp. 394-405, 2015, Emerald,
[9]
L. Mitrou, Data Protection and cloud computing, DIMEE, No. 4, pp. 534-550, 2015,
[10]
N. Marangos, P. Rizomiliotis, L. Mitrou, Time Synchronization: Pivotal Element in Cloud Forensics, Security and Communication Networks , 2014, Wiley, http://onlinelibrary.wiley.com/doi/..., IF = 0.72
[11]
Psaroudakis I., Saragiotis, V. Katos, L. Mitrou, A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description Protocol (SDP), International Journal of Electronic Security and Digital Forensics, Vol. 4, No. 6, pp. 241-267, 2014,
[12]
A. Mylonas, V. Meletiadis, L. Mitrou, D. Gritzalis, Smartphone sensor data as digital evidence, Computers & Security (Special Issue: Cybercrime in the Digital Economy), Vol. 38, pp. 51-75, 2013,
[13]
L. Mitrou, Privacy by Design (in Greek), Media and Communication Law, Vol. 37 , pp. 14-25, 2013,
E. Kosta, C. Kalloniatis, L. Mitrou, S. Gritzalis, Data protection issues pertaining to social networking under EU law, Transforming Government: People, Process, and Policy journal, Vol. 4, No. 2, pp. 193-201, 2010, Emerald, http://www.emeraldinsight.com/journ...
 
Abstract
Purpose – The purpose of this paper is to examine how the introduction of new communication channels facilitates interactive information sharing and collaboration between various actors over social networking services and how social networking fits in the existing European legal framework on data protection. The paper also aims to discuss some specific data protection issues, focusing on the role of the relevant actors, using the example of photo tagging. Design/methodology/approach – Privacy in social networks is one of the main concerns for providers and users. This paper examines the role of the main actors in social networking, i.e. the providers and the users, scrutinised under the light of the European data protection legislation. Specifically, how social networking service providers deal with users' privacy and how users handle their personal information, if this manipulation is complied with the respective legislation and how “tagging”, one of the most familiar services provided by the social networking providers, may cause privacy risks. Findings – Social networking is one of the most remarkable cultural phenomena that has blossomed in the Web 2.0 era. They enable the connection of users and they facilitate the exchange of information among them. However, the users reveal vast amounts of personal information over social networking services, without realising the privacy and security risks arising from their actions. The European data protection legislation could be used as a means for protecting the users against the unlawful processing of their personal information, although a number of problems arise regarding its applicability. Originality/value – The paper discusses some privacy concerns involved in social networks and examines how social networking service providers and users deal with personal information with regard to the European data protection legislation.
L. Mitrou, M. Karyda, Employees Privacy vs. Employers, Telematics and Informatics Journal, Vol. 14, No. 5, pp. 198-217, 2006, Elsevier , http://ac.els-cdn.com/S073658530500...
 
Abstract
This paper addresses the controversy between employees right to privacy and employers need to safeguard organizational resources by employing monitoring tools. It shows how organizations can formulate use policies, by applying basic principles for fair and lawful monitoring. A list of key points is presented, which organizations should take into account, for developing such policies. Finally, the paper explores how, widely accepted information security standards, such as the ISO 17799, can aid the attempt to address this controversy.
M. Karyda, L. Mitrou, G. Quirchmayr, A framework for outsourcing IS/IT security services, Information Management and Computer Security, Vol. 14, No. 5, pp. 402-415, 2006, Emerald , http://www.emeraldinsight.com/journ...
 
Abstract
Purpose – This paper seeks to provide an overview of the major technical, organizational and legal issues pertaining to the outsourcing of IS/IT security services. Design/methodology/approach – The paper uses a combined socio-technical approach to explore the different aspects of IS/IT security outsourcing and suggests a framework for accommodating security and privacy requirements that arise in outsourcing arrangements. Findings – Data protection requirements are a decisive factor for IS/IT security outsourcing, not only because they pose restrictions to management, but also because security and privacy concerns are commonly cited among the most important concerns prohibiting organizations from IS/IT outsourcing. New emerging trends such as outsourcing in third countries, pose significant new issues, with regard to meeting data protection requirements. Originality/value – The paper illustrates the reasons for which the outsourcing of IS/IT security needs to be examined under a different perspective from traditional IS/IT outsourcing. It focuses on the specific issue of personal data protection requirements that must be accommodated, according to the European Union directive.
[17]
L. Mitrou, Videosurveillance in the Decisions of Courts and Data Protection Authority, To Syntagma , Vol. 1, No. 1, 2006, Ekdoseis Sakkoula, (to_appear),
D. Lekkas, S. Gritzalis, L. Mitrou, Withdrawing a Declaration of Will: Towards a Framework for Digital Signature Revocation, Internet Research, Vol. 15, No. 4, pp. 400-420, 2005, Emerald, http://www.emeraldinsight.com/Insig..., indexed in SCI-E, IF = 0.688
 
Abstract
Purpose – The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation can be technically achieved. Design/methodology/approach – Proposes a technical framework for establishing a signature revocation mechanism based on special data structures, the signature revocation tokens (SRT), and investigates the alternatives for disseminating the signature status information (SSI) to the relying parties. Findings – A relying party has to take into consideration the possible existence of a signature revocation, in order to decide on the validity of a digital signature. A scheme based on a central public repository for the archival and distribution of signature revocation tokens exhibits significant advantages against other alternatives. Originality/value – Identifies various intrinsic problems of the digital signature creation process that raise several questions on whether the signer performs a conscious and wilful act, although he/she is held liable for this action. The law faces the eventual right of the signer to claim a revocation of a previously made declaration of will, especially in cases of an error, fraud
[19]
L. Mitrou, The new Electronic Privacy Directive, Law of Information and Communication Media, Vol. 2, No. 3, pp. 371-375, 2004, Nomiki Vivliothiki, http://www.nb.org
[20]
L. Mitrou, Das Griechische Datenschutzgesetz als Beispiel eine problemlosen Umsetzung der EU Datenschutzrichtlinie, Recht der Datenverarbeitung, Vol. 15, No. 2, pp. 56-63, 1998, Datacontext Fachverlag, http://www.datakontext.com

Conferences

L. Mitrou, Marijn Janssen, E. Loukis, Human Control and Discretion in AI-driven Decision-making in Government, 14th International Conference on Theory and Practice of Electronic Governance – ICEGOV 2021, 2021, ACM,
 
Abstract
Traditionally public decision-makers have been given discretion in many of the decisions they have to make in how to comply with legislation and policies. In this way, the context and specific circumstances can be taken into account when making decisions. This enables more acceptable solutions, but at the same time, discretion might result in treating individuals differently. With the advance of AI-based decisions, the role of the decision-makers is changing. The automation might result in fully automated decisions, humans in-the-loop or AI might only be used as recommender systems in which humans have the discretion to deviate from the suggested decision. The predictability of and the accountability of the decisions might vary in these circumstances, although humans always remain accountable. Hence, there is a need for human-control and the decision-makers should be given sufficient authority to control the system and deal with undesired outcomes. In this direction this paper analyzes the degree of discretion and human control needed in AI-driven decision-making in government. Our analysis is based on the legal requirements set/posed to the administration, by the extensive legal frameworks that have been created for its operation, concerning the rule of law, the fairness – non-discrimination, the justifiability and accountability, and the certainty/ predictability.
Maria Eleni Skarkala, M. Maragoudakis, S. Gritzalis, L. Mitrou, PP-TAN: a Privacy Preserving Multi-party Tree Augmented Naive Bayes Classifier, SEEDA CECNSM 2020 5th South East Europe Design, Automation, Computer Engineering, Computer Networks and Social Media Conference, 2020, IEEE CPS Conference Publishing Services, https://hilab.di.ionio.gr/seeda2020...
 
Abstract
The rapid growth of Information and Communication Technologies emerges deep concerns on how data mining techniques and intelligent systems parse, analyze and manage enormous amount of data. Due to sensitive information contained within, data can be exploited by potential aggressors. Previous research has shown the most accurate approach to acquire knowledge from data while simultaneously preserving privacy is the exploitation of cryptography. In this paper we introduce an extension of a privacy preserving data mining algorithm designed and developed for both horizontally and vertically partitioned databases. The proposed algorithm exploits the multi-candidate election schema and its capabilities to build a privacy preserving Tree Augmented Naive Bayesian classifier. Security analysis and experimental results ensure the preservation of private data throughout mining processes.
[3]
L. Mitrou, Artificial Intelligence and Data Protection, 9th International Conference on Information Law and Ethics, 2019, (to_appear),
[4]
L. Mitrou, Vorras A., Unboxing the Black Box: Algorithmic transparency and/or a right to functional explainability ?, International Conference Regulation and Enforcement in the Digital Age, 2019, (to_appear),
[5]
Vorras A., L. Mitrou, Regulation and Policy in the Algorithmic Society, 9th International Conference on Information Law and Ethics, 2019, (to_appear),
[6]
M. Karyda, L. Mitrou, Data Breach Notification: Issues and Challenges for Security Management, 10th MEDITERRANEAN CONFERENCE ON INFORMATION SYSTEMS, 2016,
[7]
Pipyros K., Thraskias Ch. , L. Mitrou, D. Gritzalis, Apostolopoulos T., Cyber-attack evaluation using SAW method, 10th MEDITERRANEAN CONFERENCE ON INFORMATION SYSTEMS, 2016
L. Mitrou, P. Drogkaris, G. Leventakis, Legal and Social Aspects of Surveillance Technologies: CCTV in Greece, International Conference on Citizens’ Perspectives on Surveillance, Security and Privacy: Controversies, Alternatives and Solutions, pp. 39-41, 2014, Conference Proceedings
[9]
Pipyros K., L. Mitrou, D. Gritzalis, A cyber attack evaluation methodology, 13th European Conference on Cyber Warfare and Security (ECCWS-2014),, pp. 264-270, 2014
[10]
L. Mitrou, M. Kandias, V. Stavrou, D. Gritzalis, Social media profiling: A Panopticon or Omniopticon tool?, 6th Conference of the Surveillance Studies Network, 2014
[11]
M. Kandias, L. Mitrou, V. Stavrou, D. Gritzalis, Which side are you on? A new Panopticon vs. privacy, 10th International Conference on Security and Cryptography (SECRYPT 2013), pp. 98-110, 2013,
[12]
M. Kandias, K. Galbogini, L. Mitrou, D. Gritzalis, Insiders trapped in the mirror reveal themselves in social media, 7th International Conference on Network and System Security (NSS 2013), LNCS 7873, pp. 220-235, 2013, Springer ,
[13]
L. Mitrou, Naming and Blaming in Greece: Social Control as Law Enforcement Tool, Living in Surveillance Societies (LISS 2013), pp. 247-258, 2013,
[14]
M. Kandias, V. Stavrou, N. Bozovic, L. Mitrou, D. Gritzalis, Can we trust this user? Predicting insider’s attitude via YouTube usage profiling, 10th IEEE International Conference on Autonomous and Trusted Computing (ATC 2013), 2013, IEEE Press,
[15]
M. Kandias, V. Stavrou, N. Bozovic, L. Mitrou, D. Gritzalis, Predicting the insider threat via social media: The YouTube case, 12th Workshop on Privacy in the Electronic Society (WPES 2013), 2013, ACM Press,
[16]
E. Lalas, L. Mitrou, C. Lambrinoudakis, ProCAVE: Privacy-Preserving Collection and Authenticity Validation of Online Evidence, 10th International Conference on Trust, Privacy & Security in Digital Business (TRUSTBUS 2013), LNCS 8058, pp. 137-148, 2013, Springer,
N.Marangos, P. Rizomiliotis, L. Mitrou, Digital Forensics in the Cloud Computing Era, IEEE GlobeCom 2012, Man-Sec Workshop, 2012, IEEE Press,
 
Abstract
Cloud Computing (CC) is a promising next-generation computing paradigm providing network and computing resources on demand via the web. The cloud market is still in its infancy and all major issues, ranging from interoperability and standardization, to legislation and SLA contracts are still wide open. However, the main obstacle for a more catholic acceptance of the cloud model is security. In the CC model, the client has limited control over her data and computations as she outsources everything to the cloud provider. This basic CC feature influences several security related areas.
Maria Eleni Skarkala, Hannu Toivonen, Pirjo Moen, M. Maragoudakis, S. Gritzalis, L. Mitrou, Privacy Preservation by k-Anonymization of Weighted Social Networks, 2012 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, pp. 423-428, 2012, IEEE CPS Conference Publishing Services, http://dl.acm.org/ft_gateway.cfm?id...
 
Abstract
Privacy preserving analysis of a social network aims at a better understanding of the network and its behavior, while at the same time protecting the privacy of its individuals. We propose an anonymization method for weighted graphs, i.e., for social networks where the strengths of links are important. This is in contrast with many previous studies which only consider unweighted graphs. Weights can be essential for social network analysis, but they pose new challenges to privacy preserving network analysis. In this paper, we mainly consider prevention of identity disclosure, but we also touch on edge and edge weight disclosure in weighted graphs. We propose a method that provides k-anonymity of nodes against attacks where the adversary has information about the structure of the network, including its edge weights. The method is efficient, and it has been evaluated in terms of privacy and utility on real word datasets.
L. Mitrou, M. Karyda, EU΄s Data Protection Reform and the right to be forgotten - A legal response to a technological challenge?, 5th International Conference of Information Law and Ethics, 2012,
 
Abstract
Technological and social phenomena like cloud computing, behavioural advertising, online social networks as well as globalisation (of data flows) have profoundly transformed the way in which personal data are processed and used. This paper discusses the efficiency of the legislation in force and the impact of PETs and the concept of privacy by design on the enforcement of data protection rules. By recognizing the need to update the data protection regulation as a result of current technological trends that threaten to erode core principles of data protection, the paper addresses the question if the Draft-Regulation presents an adequate and efficient response to the challenges that technological changes pose to regulators. In this context the paper focuses on the right to be forgotten as a comprehensive set of existing and new rules to better cope with privacy risks online in the age of “perfect remembering” and we how persistency and high availability of information limit the right of individuals to be forgotten. The paper deals with both the normative and the technical instruments and requirements so as to ensure that personal information will not be permanently retained.
Maria Eleni Skarkala, M. Maragoudakis, S. Gritzalis, L. Mitrou, Privacy Preserving Tree Augmented Naïve Bayesian Multi – party Implementation on Horizontally Partitioned Databases, TrustBus 2011 8th International Conference on Trust, Privacy and Security of Digital Business, pp. 62 - 73, 2011, Lecture Notes in Computer Science LNCS, Springer, http://link.springer.com/content/pd...
 
Abstract
The evolution of new technologies and the spread of the Internet have led to the exchange and elaboration of massive amounts of data. Simultaneously, intelligent systems that parse and analyze patterns within data are gaining popularity. Many of these data contain sensitive information, a fact that leads to serious concerns on how such data should be managed and used from data mining techniques. Extracting knowledge from statistical databases is an essential step towards deploying intelligent systems that assist in making decisions, but also must preserve the privacy of parties involved. In this paper, we present a novel privacy preserving data mining algorithm from statistical databases that are horizontally partitioned. The novelty lies to the multi-candidate election schema and its capabilities of being a basic foundation for a privacy preserving Tree Augmented Naïve Bayesian (TAN) classifier, in order to obviate disclosure of personal information.
[21]
A.-M. Piskopani, L. Mitrou, Facebook: Reconstructing Communication and decostructing privacy law? , 4th Mediterranean Conference on Information Systems, 2009,
[22]
E. Kosta, C. Kalloniatis, L. Mitrou, E. Kavakli, Search engines: gateway to a new “Panopticon”, TRUSTBUS -Trust, Privacy and Security in Digital Business, Lecture Notes in Computer Science, pp. 11-21, 2009, Springer 2009,
P. Drogkaris, D. Geneiatakis, S. Gritzalis, C. Lambrinoudakis, L. Mitrou, Towards an Enhanced Authentication Framework for eGovernment Services: The Greek case, EGOV’08 7th International Conference on Electronic Government, pp. 189-196, 2008, Trauner Verlag, http://www.icsd.aegean.gr/publicati...
 
Abstract
It is widely accepted that electronic Government environments have caused a complete transformation of the way individuals, businesses and governmental agencies interact with central government. However, the acceptance and success of e-Government services largely depend on the level of trust and confidence developed by the users to the provided services and the overall system security. Thus the employment of the appropriate authentication framework is a crucial factor. This paper focuses on the way to determine the appropriate trust level of an electronic service. Specifically, it provides guidelines according to the data required for a transaction, as well as to the available authentication and registration mechanisms. Moreover, a Single Sign-On architecture is proposed, supporting a uniform authentication procedure that depends on the level of trust required by the service. In the aforementioned research work specific requirements and limitations for Greece have been taken into account.
M. Karyda, L. Mitrou, Internet Forensics: Legal and Technical issues, 2nd Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2007), pp. 3-12, 2007, IEEE,
 
Abstract
This paper provides a combined approach on the major issues pertaining to the investigation of cyber crimes and the deployment of Internet forensics techniques. It discusses major issues from a technical and legal perspective and provides general directions on how these issues can be tackled. The paper also discusses the implications of data mining techniques and the issue of privacy protection with regard to the use of forensics methods.
[25]
L. Mitrou, E-voting: Constitutional and Legal Requirements in the Recommendation of the Council of Europe , 2nd Votobit International Conference, pp. 20, 2004, University of Leon ,
[26]
L. Mitrou, K. Moulinos, Privacy and Data Protection in Electronic Communications, MMM-ACNS, pp. 432-436, 2003, Springer,
[27]
L. Mitrou, D. Gritzalis, S. K. Katsikas, Revisiting legal and regulatory requirements for secure e-voting , Proceedings, IFIP SEC 2002, pp. 469-480, 2002,
[28]
L. Mitrou, Data Protection: a new constitutional right, Center for European Consitutional Law - Conferences, pp. 143-157, 2001, Ekdoseis Sakkoula,
[29]
L. Mitrou, Privacy Protection on the Internet, EETT, pp. 71-85, 1999, EETT,
[30]
L. Mitrou, Technology, Commerce and Data Proetction, Conference of the Association of the Greek Commercialista, pp. 173-198, 1998,
[31]
L. Mitrou, Privacy: The hesitant and uncertain course of personal data protection, Twenty years of the Greek Constitution, pp. 33-52, 1998, Athens-Komotini,