IEEE Access (Jan 2020)
A Study of South Asian Websites on Privacy Compliance
Abstract
Privacy laws in South Asian countries are still at a nascent stage. Therefore, South Asian websites are susceptible to user privacy violation. This paper presents an assessment of website privacy policies from 10 sectors in the three largest South Asian economies, namely, India, Pakistan, and Bangladesh. Using a manual qualitative analysis on a dataset of 284 popular websites, we assessed the policies based on accessibility, readability, and compliance with 11 privacy principles. Our findings show that overall, the privacy statement accessibility, and privacy compliance of websites from the three countries is low especially in the education, healthcare, and government sectors. Readability is quite low for websites in all 10 sectors of the three countries. Privacy compliance in each country is the highest for the principles of data processing and third-party transfer, whereas it is the lowest for protection of children's data, data retention and portability. Indian websites performed comparatively better amongst the three countries on all three metrics, followed by Pakistan, and Bangladesh. Based on our results, we provide recommendations involving all stakeholders (i.e., website owners, privacy regulators, and users) to help improve privacy protection of user data in South Asia.
Keywords
