A Comparative Study of Finnish and Sri Lankan Privacy Regulations and Compliance on the Web

Rajapaksha, Sammani; Puhtila, Panu; Heino, Timi; Rauti, Sampsa
A Comparative Study of Finnish and Sri Lankan Privacy Regulations and Compliance on the Web

Rajapaksha, Sammani
Puhtila, Panu
Heino, Timi
Rauti, Sampsa
Katso/Avaa
Lataukset: 

doi:10.1145/3711954.3711957
URI
https://doi.org/10.1145/3711954.3711957
Näytä kaikki kuvailutiedot
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe202601215769
Tiivistelmä


With the increase in various risks for website user privacy in the recent decade, the regulators across the globe have stepped up and brought forth new legislation to better safeguard against privacy violations, to varying degrees. Mandates such as the European GDPR require the websites to comply with certain standards of privacy, such as obtaining a freely given consent for data processing. However, in many countries, these kinds of privacy enhancing practices are not employed. In this paper, we conduct a comparative analysis of several privacy aspects between Sri Lankan and Finnish websites, to determine what differences exist between them and how the regulations are implemented between these two countries. Our survey includes 94 Sri Lankan public sector websites, 16 Sri Lankan private company websites, 63 Finnish public sector websites and 15 Finnish private company websites. The public sector websites we studied presented the governmental institutions in these countries, and the private company websites presented the largest domestic corporations measured by revenue. Based on the concepts derived from the regulation with open coding, we also measure the privacy aspects in eight categories: (1) use of cookie consent banner, (2) availability of privacy policy, (3) privacy policy readability, (4) use of HTTPS, (5) number of third parties receiving personal data from the website, (6) cross-border data transmissions, (7) use of dark patterns in cookie consent banner and (8) availability of the website. We also conducted a readability analysis on the privacy policies used in the websites that had them. Our results show that the Finnish websites generally fared well in terms of privacy and compliance. In Sri Lanka, 1) government websites fared worse than private companies and 2) all websites had more problems in terms of privacy than the Finnish ones. This points to the effectiveness of GDPR and well-enforced legislation in general, in improving privacy matters.

Kokoelmat