Abstract

In the era of the fourth industrial revolution, more and more organizations are providing services through the internet using e-commerce websites. As such, customers need to share their personal information with e-commerce providers, some of which is sensitive and confidential. This has brought the privacy and security of personal information in e-commerce websites to the fore and has resulted in the creation of data privacy regulations by countries and regional bodies with a view to monitoring and protecting end users' personal information. However, there is a lack of guidelines from information regulators on how to implement the data privacy regulatory requirements for e-commerce website privacy. There is also currently no guidance in South Africa on how to operationalise the data privacy conditions of the Protection of Personal Information Act (POPIA) on websites. This paper aims to propose evaluation criteria for e-commerce websites to aid with data privacy regulation compliance. A scoping literature review was conducted, using the PRISMA method, to review existing data privacy evaluation criteria for e-commerce websites. The contribution of this study is a holistic set of evaluation criteria, comprising 22 main criteria with 57 individual evaluation criteria, structured according to the POPIA principles and with reference to the GDPR articles. The proposed evaluation criteria can help organisations develop their websites in line with data privacy principles by providing a point of reference for the controls that must be considered and a better understanding of how to operationalise data privacy conditions on websites.

Keywords: Data privacy; Security; Personal information; E-commerce; Website; Evaluation; Criteria
