Abstract
Privacy laws in South Asian countries are still at a nascent stage. Therefore, South Asian websites are susceptible to user privacy violation. This paper presents an assessment of website privacy policies from 10 sectors in the three largest South Asian economies, namely, India, Pakistan, and Bangladesh. Using a manual qualitative analysis on a dataset of 284 popular websites, we assessed the policies based on accessibility, readability, and compliance with 11 privacy principles. Our findings show that overall, the privacy statement accessibility, and privacy compliance of websites from the three countries is low especially in the education, healthcare, and government sectors. Readability is quite low for websites in all 10 sectors of the three countries. Privacy compliance in each country is the highest for the principles of data processing and third-party transfer, whereas it is the lowest for protection of children’s data, data retention and portability. Indian websites performed comparatively better amongst the three countries on all three metrics, followed by Pakistan, and Bangladesh. Based on our results, we provide recommendations involving all stakeholders (i.e., website owners, privacy regulators, and users) to help improve privacy protection of user data in South Asia.
Highlights
Privacy is the ability of an individual to express himself selectively in a public domain [1], [2]
Our results show that overall, the privacy statement accessibility, and privacy compliance of Indian, Pakistani, and Bangladeshi websites is low especially in the education, healthcare, and government sectors
Awareness of this concept is growing in this region as is evident from the recent efforts of privacy legislations based on General Data Protection Regulation (GDPR) in India, Pakistan, and Bangladesh
Summary
Privacy is the ability of an individual to express himself selectively in a public domain [1], [2]. In this digital age, the notion of privacy primarily refers to the freedom that an individual should have for determining how his personally identifiable information (e.g., name, date of birth, email address, and IP address) are processed, i.e., collected, used, and disclosed [3]–[5]. One channel through which personal information is processed, is the publicly accessible websites of business and service entities. Business entities either analyze user information themselves or share/sell them to advertisers and researchers to best tailor commercial services to the online
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
