PRIVACY ATTITUDES AND BEHAVIORS IN THE AGE OF POST-PRIVACY: AN EMPIRICAL APPROACH

The digital world is a field of information and entertainment for users and a field of extraction of the most valuable good of recent years: personal data. How much of a threat to privacy is the collection and processing of data by third parties and what do people think about it? On the occasion of the extensive methods of surveilling citizens and collecting their data, this study attempts to contribute new empirical data evidence from the international research on the use of the Internet by the World Internet Project on attitudes and behaviors of individuals regarding online privacy and surveillance. The aim is to determine whether and to what extent the recorded concerns about the violation of privacy intersects with a growing acceptance of its very absence.


INTRODUCTION
From a free and decentralized research and communication tool, the internet has been transformed in recent years into a commodified space without which we can hardly imagine our lives. Various entities operate with a totally new business model, while major players such as Google, Amazon, Facebook, Apple, and Microsoft (GAFAM) offer innovative and mostly 'free' information, communication, sharing and access services, provided conveniently and quickly from the comfort of our home or wherever we are (de Bustos & Izquierdo-Castillo 2019). With a small exchange: they know who we are, when is our birthday, what are we searching for online, our employment, where we have been, what our faces -and those of friends and relatives -look like, what we believe in, even our political views (Curran, 2018;Smith, 2020;Nield, 2019;Norval & Prasopoulou 2017). This study seeks to contribute with new empirical data to the investigation of citizens' attitudes, concerns and perceptions on issues of online privacy deriving from the World Internet Project in Greece (WIP-GR), implemented by the National Centre for Social Research (EKKE) 1 as part of the internationally collaborative World Internet Project (WIP). 2 The data related to concerns about privacy and online protection highlights a paradox, as these concerns are counterbalanced by the growing engagement of individuals in online experiences and their acceptance that there is no longer any privacy online: users tend to believe that having 'nothing to hide' makes it acceptable to concede their data to companies or governments oblivious to the fate of those data.
According to the report by Tsekeris (et al. 2019) Greece is one of the allegedly weakest links of the EU Digital Single Market (DSM) 3 although the EU Digital Economy and Society Index (DESI) for 2020 indicates that the country made the most progress compared to the previous year (especially in connectivity and human capital) 4 . However, it is rather obvious that the so-called 'post-crisis Greece' has a long distance to cover compared to other countries. For 2020, the country, in overall, ranked again 27th out of the 28 EU Member States and still belongs to the low-performing group of countries along with Romania, Bulgaria, Italy, Poland, Hungary, Cyprus, and Slovakia. So, although Greece marginally improved its performance regarding its human capital and the supply side of digital public services, it is placed for one more year under the EU average. Nevertheless, Greeks are still considered to be active users of internet services with their number growing (OECD 2019). In addition, the progress in integrating digital technology has been slow. According to the 'eGovernment Benchmark 2019' 5 , Greece is at 27% regarding the penetration of e-services, while the EU average is 57%. In the field of digitization of public services, the country stands at 51%, far below the European average (68%). However, it seems that Greece has been provided with a significant boost from an unlikely quarter, that is, the coronavirus. The COVID-19 pandemic, the world's first digital pandemic and the ensuing lockdown acted as a catalyst as the country has indeed prompted a rush to adopt massive digital solutions for everything from Cabinet meetings to prescriptions (Stamouli, 2020).
But as in other countries, in Greece the pandemic has once again stirred up the debate on privacy issues. Numerous Greek scholars argue about the biopolitics of the pandemic and emerging anti-democratic tendencies (Douzinas, 2020;Kontiades 2020;Spourdalakis 2020) and collective-cultural drama (Demertzis 2020;Demertzis and Eyerman 2020). Others highlight the way governments, like in Hungary, pushed for authoritarian policies with accelerated procedures (Tzarelas, 2020: 315). In cases such as in Australia, China, Italy, Mexico, Singapore, South Korea, and the US, governments in collaboration with private companies, implemented even more generalized and indiscriminate methods of monitoring citizens and collecting data to observe the spread of the virus without them knowing (Tzogopoulos, 2020;Stein 2020;Singer & Sang Hun, 2020). Furthermore, elsewhere, e.g., in Israel, the government allowed the Secret Services to carry out mass surveillance in mobile phones without a court order to control the increase curve of COVID-19 cases (Gross, 2020). However, the sensitive data collected during this crisis were not only exchanged between health organizations and public health services, as Stein (2020) reveals, since in the US the public services activated applications and digital tools as well as location data from Google and Facebook providing these companies with access to confidential information of citizens such as the date they may have contracted the virus, along with their nationality, gender, age and location. Helbing (2020) notes the crisis seems to have pushed states not only towards obligatory testing, but also towards mass surveillance of data on health, on movement, on contacts, towards mass storage of such data, and potentially, later, towards immunity certificates. Apparently, millions of people are experiencing a bio-political condition that can potentially create new modalities of subjection and subjectivation 6 . It has to be noted, however that on various cases, democracies, especially in Western Europe, decided to preserve their citizens' privacy and informational self-determination 7 .
In general, the digital life -in Greece and everywhere else-enmeshes with the multiple structural transformations associated with the rise and spread of the so called 'information and communicative capitalism' (Fuchs, 2012) or 'surveillance capitalism' (Zuboff, 2019). It is also related to the experience of late-modern subjects and societies, thus posing the urgent need for a far greater conscious-raising and awareness to the situated, cultural and sociopolitical contexts of its use (Fuchs, 2015). It is in the same spirit of critical inquiry that the collective and interdisciplinary World Internet Project (WIP) focuses on the specific national settings of internet use, with analytic attention on comparative and international perspectives. Hence, WIP examines the internet as something more than a global information machine or a communication medium. It emphasizes the cultural and sociopolitical dynamics of the constituent internet technologies, as well as the vast complexity of new types and processes of meaningful action, interaction, experience, subjectivity and identity formation that stretch across the turbulent digital world, especially after the triumphal advent of Web 2.0 or Social Web (Tsekeris & Katerelos, 2014). Emanating from WIP-GR, this paper, first, seeks to overview dataveillance and the datafication of society; second, it refers to the privacy paradox and the resignation of individuals to controversial practices of privacy violation despite them being aware of these violations; third, it attempts an explanatory approach to this contradiction through the exploration of social capital and the emotionality of the public sphere; fourth, it presents our analysis of the WIP-GR 2019 data related to privacy and surveillance and attempts to investigate three questions: Our results show that Greek people are on the track of a rather abrupt transition from digital users to digital citizens. The majority of the participants express their concerns about their privacy being violated as they actively try to protect it. However, more than half of the respondents state that they 'have nothing to hide'. We opted to investigate this conviction and we discovered that Greek people have a rather obfuscated idea about the very notion of digital privacy which might undermine their digital citizenship: they tend to identify it with being 'innocent' of controversial activities therefore being transparent and opening themselves up for datafication but still require protection from their government and expect it to exercise further regulation.

THIS DATAFICATION AND POST-PRIVACY IN THE ECONOMY OF CONNECTIVITY
Long before the outbreak of the global health crisis, the advent of social media has allowed companies to target specific groups of users and exploit not only their own data but also the data they generate (metadata) when sharing content or communicating with others (Fuchs, 2014). This 'dataveillance' allows governments and corporations to observe and surveil individuals for the purpose of an unprecedented concentration of personal information and a form of control (Clarke, 1994), as the Snowden files revealed 8 (Lyon, 2014) or as the interviews with the former director of the US National Intelligence Service, Michael Hayden, describe (Hayden, 2014) 9 . This arguably confirms Christian Fuchs (2014: 92) that 'the actual practices of data marketing, control of media as well as corporate and state oversight restrict the liberal freedom of thought, opinion, assembly and association'. 10 In the universe of GAFAM, a 'non-alternative' is introduced: providing the software and hardware foundations of the entire internet it is almost impossible for users not to engage with their products and services and not to give in to the cost of their 'free' offering: their data. In the 'platform capitalism' (Srnicek, 2017) the new economy operates through connectivity as the main resource that marks a systemic shift in the process of profitability. As Mark Zuckerberg testified in 2018 to the U.S. Senate Examination Committee, the business model of Facebook and Google is to provide free services to users in exchange for their data. (Hsu & Kang, 2018;Watson, 2018).
Data monitoring and harvesting has been studied for decades (Rule et al. 1983;Clarke, 1994;Derikx et al. 2015). According to Lyon (2001a), the systematic attention given to people's lives is part of a broader process of maintaining social control and economic management, but in order to achieve this control, the boundaries between the private and the public must be blurred. Information technologies play a central role in this, minimizing the cost of obtaining personal information -without obvious social costs -and increasing 'information asymmetry' (Laudon, 1997;Acquisti et al. 2016). Therefore, the information mosaic of the digital selves is the basis of a relationship that goes beyond digitization and leads to datafication ( van Dijck, 2014;Mai, 2016). If digitization allowed for greater storage and faster processing of information, datafication allows it to be transformed into shapes that can be quantified, classified, and analyzed in more sophisticated ways (Mayer-Schonberger & Cukier, 2013) in gigantic aggregations raising numerous issues 11 . As van Dijck (2014) notes, even academia has embraced the datafication paradigm by 'assessing big data sets collected through social media platforms as the most scrupulous and comprehensive method to measure quotidian interaction, superior to sampling ('N=all') and more reliable than interviewing or polling' and 'assuming a self-evident relationship between data and people'. What is missing though is that the allegedly 'objective' nature of quantitative analysis cannot exist without a qualitative, critical framing that guides the research with a quite subjective, intentional manner.
It seems like there are two major starting points for this unprecedented information aggregation and control. First, it was the USA legislative statute known as Section 230 of the Communications Decency Act 12 , which was crafted in 1996, during the initial phase of the public internet. It states that 'no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider'. The aim of the statute was to clarify intermediaries' liability for the content on their websites, but it inevitably shielded website owners from lawsuits and state prosecution for user-generated content. Thank to this regulatory framework sites like Booking.com can defend even aggressive negative hotel reviews and Twitter and Facebook allow trolls and fake news to 'roam free' without either company being held accountable to the same standards that news organizations are. As it institutionalized the idea that websites are not publishers but rather 'intermediaries', this statute not only freed them from the responsibility of their content (or its providers), but it ended up sheltering the extractive operations of this very content from critical examination. The second milestone came six years later, in the aftermath of the September 11 th attacks in USA, when the government's concerns shifted from online privacy protections to a new need for 'total information awareness' (Rosen, 2002) as an unwritten policy of 'surveillance exceptionalism' (Zuboff, 2019) emerged. Legislation to regulate online privacy became a casualty of the 'war on terror', the 'goods' produced in Silicon Valley evaded legislative action and became highly coveted as was the need for higher speed in clandestine digital services.
Harvesting data is not a novel phenomenon (Flick, 2016). What is new is the extent of exposure of this data and how it can be aggregated and transformed uncontrollably ( Van Dijck, 2014;Mai 2016). In 2019, the French Commission for the Protection of Personal Data (CNIL) fined Google €50 million for violating EU privacy rules, 'for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization' 13 . Earlier, on the other side of the Atlantic, an investigation by the Observer and the New York Times revealed that 50 million Facebook user profiles were processed by Cambridge Analytica, creating a program that could predict and influence their electoral behavior sending them targeted and personalized messages based on their data 14 . Moreover, the same investigation revealed that in addition to the US election, the same method was used to manipulate the results of the 2016 British referendum that led Great Britain 12 Section 230 of the Communications Decency Act, Electronic Frontier Foundation, https://www.eff.org/issues/cda230. 13 https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-eurosagainst-google-llc; See also https://www.theguardian.com/technology/2019/jan/21/google-finedrecord-44m-by-french-data-protection-watchdog 14 According to information provided by Christopher Wylie the whistleblower that uncovered the story: "we exploited Facebook to collect millions of user profiles and create models to tap into what we knew about them and target their inner demons." Cf. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-uselection.
to the infamous Brexit pivoting for the first time the whole dataveillance undertaking from commercial to political objectives.
This kind of targeted advertising invented by Google (Zuboff, 2019: 67) paved the way to economic success but also laid the foundation of a 'surveillance capitalism' with 'idiosyncratic economic imperatives defined by extraction and prediction, a 'unique approach to economies of scale and scope in raw-material supply'. Surveillance capitalism begins by unilaterally making a claim to private human experience as free 'raw material' for transformation into behavioral data, making data the very element tech giants may assert authority over -the same way oil companies assert authority over crude-in order to achieve economies of scale in its raw material supply operations. And in transforming 'crude' data into information 'gasoline', GAFAM's machine intelligence operations convert human experience into the firm's highly profitable algorithmic products designed to predict the behavior of its users (Zuboff, 2019).
Moreover, as today's advertisement is capitalizing on digital technologies to dig further into the needs, interests, and motivations of customers, behavioral advertising, online profiling and 'behavioral targeting' while being shielded from any accountability as to the nature of the content targeted, have become common tactics for suppliers to effectively sell products to customers in the digital environment. Especially in cases of electoral choice, adding to personal profiling based on user activity and interests, 'affinity profiling' (Wachter, 2020) classifies people based on their assumed interests according to groups they supposedly belong to, thus providing online platforms with sensitive information such as ethnicity, gender, sexual orientation or religious beliefs. What is called 'affinity profiling', or profiling which seemingly does not directly infer sensitive data but rather measures an 'affinity' with a group defined by such data (Wachter, 2020), not only violates privacy but might even unlawfully discriminate against users who receive inadequate legal protection as groups. A violation which could undermine the application of the EU General Data Protection Regulation (GDPR) against processing of sensitive data.

THE 'PRIVACY PARADOX' AND THE NON-PRIVATE NATURE OF PRIVACY
These practices do not seem to prevent people from using the internet, accepting cookies when visiting a website or participating in social media (Ngwenyama & Klein 2018, Van Dijck 2013. Norberg et al. (2007) coined the term 'privacy paradox' to describe the dichotomy between individuals' willingness to concede their data with almost negligible rewards and their expressed concerns about the violation of their privacy (Kokolakis, 2017). The bloodless 'coup' that has been inflicted on modern societies by digital moguls relies, 'on the most treacherous hallucination people have: that 'privacy is private' (Zuboff, 2021). And giving away or conceding a bit of personal information is a fair 'quid pro quo' if users can get extra service. For example, when Delta Air Lines piloted a biometric data system at the Atlanta airport, the company reported that of nearly 25,000 customers who traveled there each week, 98 percent opted into the process, noting that 'the facial recognition option is saving an average of two seconds for each customer at boarding, or nine minutes when boarding a wide body aircraft.' (Zuboff, 2020;Murgia, 2019). Privacy is not private, because the effectiveness of all private or public surveillance and control systems depends upon the pieces of ourselves that we give up -or that are secretly taken from-even through seemingly innocent micro-activities such as clicking on an angry emoji under a disliked post on Facebook: opinions are collected, assessed and treated as property. And that transaction takes place in a totally asymmetrical distribution of knowledge, as tech giants have control of information and learning whereas a significant number of people have trouble figuring out how to pay their bills online. Unequal knowledge about people produces unequal power over them. And from algorithms that profile people to predict their behavior, surveillance capitalism is reaching a point where predictive knowledge is morphing into modification power as was shown in Facebook's contagion experiments (Bond et al., 2012;Kramer at al., 2014), when it succeeded in modifying human behavior by planting subliminal cues and manipulating social comparisons on its pages, to influence users to vote in midterm elections and to make them feel sadder or happier. So where does all this leave users' privacy? In an experimental study, Carrascal (et al. 2013) found that internet users priced their internet search history information at around 7 euros, while Egelman (et al. 2012) showed that consumers were willing to pay a price to buy the protection of their privacy but it was a small one. 15 Earlier research on user attitudes indicated that privacy and the collection of information is something that particularly concerns users (TRUSTe 2014; Madden 2014) although they can give it away as soon as they realize there is something to gain (Brown, 2001;Spiekermann et al. 2001). Taddicken (2014) showed that privacy concerns do not affect self-disclosure if the communication pattern between users is performed on an exchange basis like 'tell me about you and I will tell you about me' or includes the benefit of shareability (Lee et al. 2013). Zafeiropoulou (et al. 2013) investigated users' attitudes about their location data and discovered that even in this case that concerns a particularly sensitive information, 16 users willingly reveal it or provide constant access to it in exchange for participating in an internet activity or enjoy a free service. Ngwenyama & Klein (2018) argue that the compliance of individuals with controversial practices of privacy violation is due to a voluntary 'amnesia' and a lack of awareness related to the confusing nature of social media surveillance practices. They concluded that data monitoring, control and financial exploitation involve ethical contradictions, covert purposes, agendas and ideology.
Examples like that lead to what Draper & Turow (2017) call 'digital resignation', arguing that the very notion of the 'privacy paradox' is faultily burdening users: people do not give up personal information just to get discounts or services nor do they lack comprehension for the consequences of that disclosure. They do so because they are accepting as inevitable the undesirable ways marketers use personal information and resign to them. A purposeful strategy of commercial interests and not an accidental byproduct of 21 st century digital life, 'digital resignation' is something to investigate on multiple institutional and societal levels and understand its nature and origins. Internet users cannot learn enough about privacy risks to make informed decisions about their privacy as it is impossible to gain sufficient knowledge of the ways in which personal data are processed and analyzed by thousands of organizations and numerous obscure techniques. The advent of large-scale 'Big Nudging' (Helbing, 2015) and 'Big Data surveillance' (Lyon, 2014), has established omnipotent technologies of control, calculability and prediction (Kucklick, 2014), which, produces unprecedented power asymmetries between the state and its citizens, (Brunton & Nissenbaum, 2015) and corporations and their customers. According to the JRC Science for Policy Report of the European Commission (2020) 17 , companies use several questionable techniques like defaults, framing, nudging and dark patterns to build choice architectures and dissuade users from making active or informed choices leading not only to the sharing of personal information but to manipulation and deception. For instance, framing and wording may be used to nudge users towards a choice by presenting the alternative as risky (e.g., on Facebook, users are encouraged to keep face recognition turned, because it ostensibly helps 'protect you and others from impersonation and identity misuse and improve platform reliability.') 18 . Choice architectures may also require a take-it-or-leave-it decision, like a choice between accepting specific privacy terms or deleting an account. They may even be designed 16 Although geolocation data are not considered "sensitive" in a legal point of view they are personal and of importance to the safety of users providing very intimate and accurate overview of their habits and patterns. Retaining location data forever and obtaining a single privacy consent for multiple purposes are practices already unacceptable. https://iapp.org/news/a/what-the-gdpr-willmean-for-companies-tracking-location 17 https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-researchreports/technology-and-democracy 18 https://www.facebook.com/help/122175507864081 in such a way that the privacy-friendly option requires more effort and knowledge from users. The very task of trying a 'self-managed privacy' is futile so long as the various decisions people must make about their privacy and the tasks they must do regarding it (reading privacy policies, opting out, changing privacy settings etc.) make it a complex and never-ending project (Solove, 2013;. Resignation is a rational response to the impossibility of privacy self-management rather than a voluntary servitude.

SOCIAL CAPITAL IN THE EMOTIONAL PUBLIC SPHERE
There is a number of further aspects influencing users' interest in protecting their privacy on the Internet, their attitude towards others and the very ability to be anonymous online. Active participation in social networks associated with selfdisclosure is related to three needs: the need for entertainment, for social relationships and the need to construct identity (Debatin et al. 2009). For most users, meeting the above needs outweighs the risks of personal data exposure and privacy violation by responding to a 'ritualistic' integration of online socialization. Social networking is a way of gaining social capital (Ellison et al. 2011) that is exchanged for the disclosure of personal information 19 . Demertzis & Tsekeris (2018: 16) note that the tools and control mechanisms involved in the 'governmentality of the neoliberal debt economy' create new emotional rules, informalize behaviors and compose an emotional public sphere in which people, freed from the constraints of the past, express themselves freely following the track of the 'emancipation of emotions' (Wouters, 2007). If the concession of private information is the cost of engaging networked but disconnected individuals in the 'emotional public sphere' where narcissistic disclosure of emotionality takes place in the name of 'authenticity of the self' (Sennett 1993), then the benefit may be considered great. It seems, however, that people are beginning to doubt the data-for-freeservices-exchange they have involved themselves too. According to Pew Research Center 20 , 81% of Americans believe the potential risks of companies' data collection outweigh the benefits but they have no comparable alternatives of living their digital lives (Auxier et al. 2019). So, where do Greek people place themselves in this landscape of distorted digital communication?

WIP-GR SURVEY: SAMPLE DESCRIPTION AND DATA DEFINITIONS
The third wave of WIP-GR 21 was implemented in Spring 2019 by the National Centre for Social Research (EKKE) 22 as part of the international World Internet Project (WIP). WIP is a major survey-based research program, launched in 1999 and directed by the Annenberg School Center for the Digital Future at the University of Southern California, looking at the social, political and economic impact of the internet, as well as at how individuals adopt and use the internet and other new technologies, and what implications this has on their everyday lives and communities. This program becomes increasingly important because in order to get closer to the kind of internet we want, 'we need a better understanding of the internet that we have' (Bernal, 2018: 2). The research methodology was designed by EKKE and 1,208 interviews were conducted by using a structured questionnaire via CATI by trained interviewers from EKKE's Web Lab. The data were collected 12 April -23 May 2019 and cleaned accordingly. 23 There are several modules in the questionnaire explored for the purpose of this study. The demographic variables we utilized are: Gender, Age, Education, Internet use experience and Monthly income (See Figure 1). In the total sample both genders (women 52% -men 47%) were almost equally represented while the age span of the participants was from 15 to 97 years. Almost half the respondents are early Internet users with 10+ years of experience. The majority of the participants have either High School diploma or vocational training and one third possess a University degree. Finally, half our respondents are economically located in the lower to middle income levels with a minority of 6% stating a higher financial status.

RESEARCH QUESTIONS AND METHODOLOGY
To clarify privacy attitudes among Greek users, we followed a two staged strategy. First, we investigated what Greek uses are more concerned about presenting metrics on 5 statements measuring privacy attitudes and 4 statements 24 measuring respondents' perceived safety for exercising their freedom of speech online. On the second part of our research, we analyzed our data. First, we created scales to measure internet engagement and social media use in order to investigate the degree to which online convenience and gaining social capital affect peoples' attitudes. Second, we correlated the scales and the sociodemographic characteristics of our users with their attitudes. Finally, we opted for an interpretation of the 'I have nothing to hide' attitude to determine whether it is an indication of digital resignation that justifies a more submissive attitude on behalf of our participants. The above are tested in the following research questions:

Privacy concerns-descriptive statistics
As can be seen in Figure 2, 54% of the respondents claim that 'There is no privacy, accept it', whereas only 23% somewhat and strongly agree with the statement that 'concerns about online privacy are exaggerated'. Almost 60% of the users feel they 'can control' their privacy online, and 70% state that they 'actively protect' it. Furthermore, we observed a dichotomy between the meaning the majority of the respondents' attributes to the statement I have nothing to hide (55,8%) and their strong concerns about their privacy being violated by corporations (75.6%), the government (60.8%) and other people (62.2%).

Figure 2: Privacy Concerns and attitudes*
In the WIP-GR survey the biggest concern about online privacy being violated is about corporations which is probably explained by the fact that most users often receive targeted advertisements and several digital marketing products. It is not enough for a company like Facebook to store 300 million photos or record the 2.7 billion likes that are clicked daily; using several algorithms, it mines this data, processes, and combines them committing 'abuse through transformation ' (Schyff et al. 2018;Smith (2016).
Another concern for 62% of the respondents is about governments. Governments surveil citizens and collect information and data to deal with cybercrime, fraud, terrorism, or other violations (Amoore & De Goede 2005), to establish a more efficient bureaucracy or to control immigration. As shown in

* T o t a l p e r c e n t a g e o f " S o m e w h a t a g r e e " a n d " S t r o n g l y a g r e e " .
Figure 3, the WIP-GR research participants express caution and an underlying awareness.

Figure 3: Freedom of Speech*
The grand majority hold that 'people should be able to criticize their governments online' (86%). Fewer respondents state that they feel 'comfortable saying whatever they think about politics' in general (68%) -admittedly denoting a significant degree of freedom of speech in Greece-however, much fewer believe that the internet is a safe place to express political ideas (27,20%). In the same vein, more than four out of ten people (48%) reject potential increase of internet regulation by the government. Apparently, participants believe that the internet ultimately involves the risk of exposing their political profile both to centers of power that may be surveilling them and to opposers who may be attacking. Political cyberbullying is a raising issue in various online communities (Bauman, 2019), while in the American elections of 2016 the phenomenon was seriously escalated especially due to the inflammatory rhetoric of Presidents' Trump campaign. 25 In addition to companies and governments, personal data are also being coveted by other individuals with controversial goals, mainly of a delinquent nature, such as identity theft, bank robbery, blackmail, or harassment, a danger that concerns 63% of Greek users. Apparently, users' concerns about the violation of their data by other individuals are associated with 'social privacy' which differs from 'institutional privacy' and violations by companies or governments (Park et al. 2018). In short, collecting and processing data from the socio-economic background of users for the purpose of profit or control does not seem to bother them as much as e.g., having to deal with embarrassing photos being posted on Facebook by a malicious person. This is an indication of a cognitive dichotomy, given that users worry about something they haven't really experienced while high rates of concerns about violations by others indicate that the issue of privacy appears to be a matter of infringement, criminal activity or social exposure and ashaming. It is also likely that respondents have not assessed several mundane cases as indicative of privacy violations, like targeted ads or recommendations to rate restaurants or cafes as soon as they exit them.

Q1: Does the level of internet engagement affect people's attitudes concerning their online privacy?
We implemented twenty-two variables and conducted an exploratory factor analysis (Floyd & Widaman, 1995;Gorusch, 1990) to develop scales that would measure peoples' level of internet engagement (deVellis 2003). We used principal axis factoring (Worthington & Whitaker 2006) with Promax (orthogonal) rotation. To estimate the contribution of specific socioeconomic variables to respondents' attitudes, we focused on gender, age, monthly income, and education level and implemented multinomial logistic regression (Gould, 2000; see also Papadoudis 2018). Ordinal regression analysis was used to determine what are the convictions of people who believe they have nothing to hide. The analysis yielded three factors explaining a total of 47,266% of the variance for the entire set of variables (see Table 1). Factor 1 was labeled 'Online Sociability' due to the high loadings by items such as: frequency of posting content, sharing content, instant messaging and phone calls online, maintaining relationships, create relationships, download videos and music. The second factor was labeled 'Internet use Frequency' due to the high loadings by items concerning how often users go online for several activities e.g., to get information about a product, buy things, make travel reservations, pay bills, etc. The third factor was labeled 'Internet Proficiency' because the 4 items that loaded onto it were related to the users' selfdeclared level of knowledge of performing tasks on the internet and their ability to effectively navigate it. The KMO score (0,843) and Bartlett's Test of Sphericity (p<0,001) both indicate that the set of variables is well related. We tested the internal consistency of the items by computing the Cronbach's a score for each factor. Finally, we attributed Anderson Rubin scores (Mean = 0, Variance of 1) to create 3 new variables labeled Online Sociability scale, Internet Frequency Use scale and Internet Proficiency scale. (Table 1). We created these scales to examine if online sociability, frequency of use and internet proficiency affect people's attitudes towards privacy concerns. We hypothesized that people who score high in online sociability and internet frequency use would be more willing to declare their concerns as conscious users but still exhibit a dichotomy since they are the ones to benefit most from internet's free services and activities. So, we performed a one-tail Pearson correlation to see also the direction. According to the results shown in Table 2 there is a significant deviation in people who score higher in the frequent use scale to be more concerned about corporations violating their privacy online. Another notable finding is people who score highly in both online sociability and internet proficiency tend to disagree with the notion 'I have nothing to hide' indicating that their involvement in the internet's allure has in fact instilled in them the idea that wanting to be private doesn't mean that you hide something. However, respondents who scored highly on the internet proficiency scale is the only group that disagrees with the statement 'there is no privacy accept it'. This is a good indication that the 'connoisseurs' understand two things: a) there are ways to protect ones' digital privacy and they probably know about them and b) they are not inclined to yield to the easy refuge of admitting that since there is no privacy online there is nothing we can do other than conceding private information to enjoy free services and social capital. Digital 'socialites' also tend to disagree with this statement but not significantly. Finally, while initial results showed that the majority of the respondents disagree with the statement 'on the Internet, it is safe to say whatever you think about politics' (48,3%) 26 , if we look closer to the respondents who score high in all three scales, they are most likely to agree with this statement. Being 'safe' to express political views online is not only about evading government surveillance, it also concerns being able to post opinions and participate in online discussions without being bullied. So, respondents who are highly engaged with the internet, possibly are not so concerned of being surveilled by the government rather than being able to handle online bulling and the emotionally charged spaces were politics might be discussed. However, all types of users, socialites, frequent users and connoisseurs tend to disagree with the statement that the 'governments should regulate the internet more than they do now', an indication of sharing the libertarian culture of netizens initiated already at late 1990s.

Q2: The demographics of online privacy concerns
The theme for this analysis is centered on four demographics and the three constructed scales of internet engagement to examine if these parameters can predict the respondents' privacy attitudes and concerns. For the estimations in Table 3 we implemented multinomial logistic regression reporting coefficients and odds ratios (OR). Each OR takes values higher than 0 and lower or higher than 1 which is the focal point (a value of 1 means that there is no contribution of the variable). Values below or above 1 may also interpret the direction of the attitudes according to which group is set as the reference group. In this case the reference category was Disagree because we wanted to use it as a baseline. The regression was performed to model the relationship between the predictor variables and participation in the three response groups (Agree, Disagree and Neither/nor Agree/Disagree). The predictive variables were all treated as covariates. The general significance of the model is good as shown both by the p value (p<0,005) in most cases and the χ 2 test. Therefore, the variables contribute to explain the essence of the privacy attitudes and representations of the respondents 27 . There are interesting results coming out of our explorations: Concerning gender, women tend to declare they 'actively protect their digital privacy' more prominently than men and they also tend to believe that they 'feel they can control their privacy online'. Women also appear to have given in the 'nothing to hide' concept as they tend to agree with this statement more than men although they do not believe that the internet is a safe place to discuss politics as strongly as men.
The factor of age only seems to affect people's perception about 'having nothing to hide' as they grow older therefore showing a mild positive direction to the statement as younger people appear more strongly in the Disagree side of the statement. We could hypothesize that older individuals, when presented with this statement, might perceive it as a challenge to their personal idea of dignity (they have done nothing wrong) rather than a challenge to their privacy.
The economic status of the respondents seems to significantly affect their efforts to 'actively protect their privacy', the odds ratio of being in the 'Agree' group rather than the' Disagree' are multiplicatively increased by 1,342. Also, the higher the income the less likely is the respondent to agree with the statement that governments violate online privacy (B=-0,230). However, their efforts to actively protect their privacy must be considered along with their significant agreement with the statement that 'there is no privacy online accept it' (OR=1,219), a statement that is mostly rejected by respondents who scored highly on the internet proficiency scale, as was also seen previously in the correlations (Table 2).
An interesting result derived from the variable of education as people of lower educational levels state they more actively protect their privacy online ( Figure 6) than the more educated users possibly because people with higher education may realize that actively protecting their privacy will not essentially protect them from violations, since they don't feel they can control it as indicated by the negative coefficient (B=-0,227). However, people with higher education tend to disagree with the statement 'concerns about online privacy are exaggerated' (Figure 7) whereas people with lower education tend to populate in higher percentages the 'Agree' and 'Neither/nor' area of the discussion.

Q3: Which variable affects the attitude 'I have nothing to hide'?
So far, the 'I have nothing to hide' attitude was not explained by any variable, therefore, in order to determine which factors are incorporated in this particular attitude we performed an ordinal regression analysis between the attitudes themselves to determine what are the convictions of people who believe they have nothing to hide. As shown in Table 4 the model seems good ([χ²(18)=98.760, p<.001] and it provides us with three significant results deriving from the 'Disagree' category: 1) The attitude 'concerns about online privacy are exaggerated' was a significant predictor of 'I have nothing to hide' attitude as there is a predicted decrease of 0.064 in the log odds of disagreeing with this statement as opposed to agreeing. This indicates that a person who believes that concerns about privacy online are being exaggerated is more likely to state they have nothing to hide.
2) The statement 'I feel I can control my privacy online' was also a significant predictor in the model as there is a decrease of 0.098 in the log odds of disagreeing with the statement. This also indicates that people who feel they can control their online privacy are more likely to state they have nothing to hide.
3) Finally, the variable 'the government should regulate the internet more' significantly contributed to the model with a strong inverse relationship of -0,733 to the category 'Disagree' indicating that people who have nothing to hide tend to state that the government should exert a stronger presence in regulating the Internet. These results might indicate people's perception of a digital inefficacy that may lead to a digital resignation regarding their privacy which they may perceive as vulnerable.

DISCUSSION AND CONCLUSIONS
The findings of our analysis indicate that people who state they have nothing to hide also believe that concerns about online privacy are exaggerated and they feel they can control their online privacy. That may lead to the tacit assumption that users' digital selves are likely to be surveilled, but if they have nothing to hide, then, this surveillance is not harmful. They believe in their 'innocence' so far so they are not guilty of collaborating with terrorists or committing cyber (or other) crimes; they also feel they can control their online privacy alone, but they need their governments to protect them. Therefore, this might indicate a partial understanding of dataveillance: people who state they 'have nothing to hide' tend to project in their digital lives the same expectations they have from their governments in the physical world, to regulate the digital environment and protect them against violations that might occur e.g., either by corporate abuse of information power or attacks from cyber-criminals. We also showed that internet proficient respondents -in both the web and social media-are the ones who disagree with this statement, indicating that the demand for digital privacy does not entail having something to hide. We also discovered that people with higher digital skills believe internet privacy is within reach indicating that they do comprehend the inner mechanisms of the 'surveillance capitalism' but opt to manage them alone since they discard any further regulation on behalf of governments. This attitude is revealing of the dark colors with which governments have been painted due to surveilling practices they implemented in the name of security thus undermining their citizens' trust (Lyon 2003(Lyon , 2014Benkler, 2016), an issue much debated in virtue of the Covid-19 pandemic. Does that mean that for a big part of our respondents dataveillance is accepted? Although comparative qualitative research is needed to thoroughly answer this question, it seems that peoples' assumptions about the violation of their digital privacy only go so far as to the acceptance that some companies may target them to and present them with advertisements that they will simply ignore. They may even think that they might be exposed to a few state officials and, since they are not guilty of hiding something, they should not be bothered if the exchange is the benefit of a free service or an online activity (Solove, 2007). In other words, 'I have nothing to hide' seems to be derived from the comparative value of privacy over security. In an article published on Washington Post in 2005, judge Richard Posner was writing: 'collecting and processing data from machines cannot be considered a violation of privacy […]. Because of their huge volume, data is being 'sifted' by computers looking only for names, phones or addresses that may have some value for security reasons', whereas the machine keeps most of these data from being read by any intelligence officer' (Posner, 2005). Bernal (2018: 71-77), however, argues against this 'myth of neutrality', as the presumed innocence of the 'technical, automatic and passive' process performed by a network or an algorithm, ceases to be valid once the processing of the information leads to decisions and purposes that the original owner of the information does not control. People can be marginalized or become targets of algorithmic discrimination (Conrad, 2009;o' Neil, 2016;Noble, 2018) as important moments in their lives, such as being accepted to a university or receiving a loan can be determined based on profiles created by random online data (Helbing 2015: 7;O 'Neil 2016: 1;Eubanks 2018). Human lives are becoming more and more visible, while power asymmetries are becoming more invisible and, thanks to the growing establishment of complex data systems, are also becoming commonsensical (Lupton 2014). As a result, under the pretext of security, digital media do not contribute to the 'democratization of democracy' but rather to its destabilization when governments surveil citizens and corporations 'flesh them out' of streams of data to manipulate them and potentially modify their behavior (Foa & Mounk, 2017).
Users, quite justifiably, require protection in their digital lives as they are expected to deal with violations occurring on such high technological levels they don't even know exist: in our study the majority of the respondents state that they 'don't feel they can control their online privacy'. However, the propagation of the 'I have nothing to hide' attitude raises three problems. First, it assumes that privacy is about being able to hide something bad (Posner 1978;Schneier 2006;Bernal 2018). Second, it narrows down the debate on surveillance and exploitation of personal data to the irrelevant issue of whether one has something to hide and diverts it from the real questions which are, as Zuboff (2020) so aptly puts them, 'Who knows? Who decides who knows? Who decides who decides who knows?' The third problem concerns the misconception of people who believe that, since they 'have nothing to hide', they will be permanently 'innocent' by neglecting the version in which their digital existence can be incriminated by anyone who might have an agenda. Shephard (2016) observes that when 'a person loses control of his information, he/she also loses control of the potential transformations of that information'. This is more likely to happen through 'surveillance assemblages' which 'datafy' aspects of identity, individuality and diversity (Poullet & Dinant 2006;Haggerty & Erickson 2000). If the challenge behind the claim 'I have nothing to hide' is 'then you have nothing to fear', that implies that 'good' people do not need privacy, as long as they have nothing to hide and 'bad' people do not deserve it, since obviously what they want to hide is harmful. Which reminds us of Zuboff's 'treacherous hallucination' that privacy is private. Within the confusing gap between what we know and what is known about us, we neglect that the very value of privacy is public -a collective good that is inseparable from the values of human autonomy and self-determination upon which privacy as well as citizenship depend (Weintraub & Kumar, 1997).
Therefore, legislation and regulation are firstly required in order to tackle the epistemic inequality. It is obvious that self-regulation of tech giants is coming to an end and state-based regulation and stronger enforcement of existing legislation is necessary. In Greece, the right to the protection of personal data is enshrined in the 2001 revision of Article 9A of the Constitution and is regulated by the General Rule for the Protection of Data (2016/679) which was enforced on May 2018 along with law 4624/2019 which defines the enforcement measures that integrated the European Directive (2016/680). However, according to the Special Eurobarometer 487a Survey 28 , although Greek people seem coordinated with the rest of Europe concerning their knowledge about the existence of the General Data Protection Regulation, 39% of the respondents have not even heard which are the six rights GDPR protects landing them well below the European average. Which gives rise to a second imperative: information and digital literacy. In Greece, as well as throughout Europe, the legal framework is set but people need to know their rights and the authorities that protect them. Enhancing informational channels about the legal status of peoples' online rights can only advance digital citizenship skills along with proper education. With Google in the lead, the top surveillance capitalists seek to control labor markets in expertise -including data science -eliminating competitors such as start-ups, universities, high schools, municipalities, established corporations in other industries or less wealthy countries. People need to familiarize themselves with the language of the digital world to the best of their abilities. If 20 th century politics were defined by who owns the means of production, 21st century politics needs to be based on who owns the production of meaning. Introducing digital literacy in schools is of the utmost importance especially given the fact that children and teenagers today are digital natives that need to be best equipped in order to adapt to the even more complex and technically defined world of the future.
Although it is unfair for the users to carry once again the burden of securing their own privacy having to deal with technological savants behind algorithmic curtains, that is where a third imperative comes in: algorithmic transparency through explainable AI. One of the sections of the EU's General Data Protection Regulation (GDPR) focuses on the right to 'explanation'. Essentially, it mandates that users be able to demand the data behind the algorithmic decisions made for them including recommendation systems, credit and insurance risk systems, advertising programs and social networks. In doing so, it tackles 'intentional concealment' by corporations. However, the ambiguity and limited scope of the 'right not to be subject to automated decision-making' contained in Article 22 (from which the 'right to explanation' derives) raises questions over the actual protection provided to data subjects (Wachter et al., 2017). Furthermore, article 22 does not address the technical challenges associated with transparency in modern algorithms. Explainable AI (Miller, 2017;Pasquale, 2014;Edwards & Veale, 2017) is actually algorithms that can reveal how they work and why they end up in making a specific decision. Therefore, systems that work by analyzing and reporting which information input weighted the most in a decision-making algorithm, e.g., measuring and presenting how important the number of accidents a driver might have had in calculating the cost of their car insurance, may lift the veil over the 'man behind' the algorithmic 'curtain' …

FUNDING STATEMENT AND ACKNOWLEDGMENTS
This article is an output of the project "Research, Education and Infrastructures: the triangulation of EKKE strategic axes (REDI)", which is co-financed by the European Regional Development Fund in the framework of the Operational Programme "Competitiveness, Entrepreneurship and Innovation 2014-2020" (EPAnEk). The authors thank the anonymous reviewers for their constructive suggestions for the article to take its final form.