Growth in technology has resulted in the large-scale collection and processing of Personally Identifiable Information by organizations that run digital services such as websites, which led to the emergence of new legislation to regulate PII collection and processing by organizations. Subsequently, several African countries have recently started enacting new data protection regulations due to recent technological innovations. However, there is little information about the security and privacy practices of top websites serving content to EAC citizens. We, therefore, analyze the website operators' patterns in terms of third-party tracking, security of data transmission, cookie information, and privacy policies for 169 top EAC website operators using WebXray, OpenSSL, and Alexa top websites API. Our results show that only 75 percent of the analyzed websites have a privacy policy in place. Out of this, only 16 percent of the third-party tracking companies that track users on a particular website are disclosed in the site's privacy policy statements which means that users don not have a way of knowing which third parties collect data about them when they visit a website. Such privacy policies take time to read and are difficult to understand; on average, it takes a college graduate to comprehend the policy and a user spends 12 minutes to read the policy. Additionally, most third-party tracking on EAC websites is related to advertisement and belongs to companies outside the EAC. This means that EAC lawmakers need to enact suitable laws to ensure that people's privacy is protected as the rate of technology adoption continues to increase.
翻译:科技增长导致网站等数字服务组织大规模收集和处理个人识别信息,导致网站等数字服务组织大规模收集和处理个人识别信息,导致新立法,以规范各组织收集和处理PII的收集和处理。随后,一些非洲国家由于最近的技术革新,最近开始颁布新的数据保护条例。然而,关于向东非共同体公民提供内容的顶级网站的安全和隐私做法的信息很少。因此,我们分析了网站运营商在第三方跟踪、数据传输安全、饼干信息以及隐私政策方面的模式,这些模式涉及使用WebXray、OpenSSL和Alexa顶级网站AIPI的169个东非共同体顶级网站运营商。我们的结果显示,只有75%的经分析的网站制定了隐私政策。在这方面,只有16%的第三方跟踪特定网站用户的公司在网站上的隐私政策声明中披露了安全和隐私做法。这意味着用户在访问网站时无法知道哪些第三方收集有关他们的数据。这种隐私政策需要时间来阅读和难以理解;平均而言,由第三大学毕业生在理解这一政策中只有75%有隐私政策,而用户在EAC网站上需要12分钟才能阅读与EAC相关的法律。