Abstract
Technological growth has resulted in the large-scale collection and processing of Personally Identifiable Information (PII) by organizations that run digital services such as websites and has led to new legislation to regulate PII collection and processing by organizations. Subsequently, several African countries have recently started enacting new data protection regulations due to recent technological innovations. However, there is little information about top websites’ security and privacy practices serving content to East African Community (EAC) citizens. We, therefore, analyze the website operator’s patterns in terms of third-party tracking, security of data transmission, cookie information, and privacy policies for 169 top EAC website operators using WebXray, OpenSSL, and Alexa top websites Application Programming Interface (API). Our results show that only 75% of the analyzed websites have a privacy policy. Furthermore, only 16% of the third-party tracking is disclosed in the site’s privacy policy statements. Privacy policies also take time to read and are difficult to understand; on average, it takes a college graduate to comprehend the policy information. A user spends twelve minutes reading the policy. Additionally, most third-party tracking on EAC websites is related to advertisement and belongs to companies outside the EAC. Therefore, EAC lawmakers and Africa need to enact suitable laws to protect people’s privacy as we adopt more technologies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Solove, D.: A taxonomy of privacy (2006)
A look at China’s draft of Personal Information Protection Law. https://iapp.org/news/a/a-look-at-chinas-draft-of-personal-data-protection-law/. Accessed 15 Mar 2021
Goldman, E.: An Introduction to the California Consumer Privacy Act (CCPA), 09 July 2018. https://iapp.org/media/pdf/resource_center/Intro_to_CCPA.pdf. Accessed 10 Mar 2021
Mayer, J.R., Mitchell, J.C.: Third-party web tracking: policy and technology. In: 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 413–427. Institute of Electrical and Electronics Engineers Inc. (2012)
What are Cookies? https://www.kaspersky.com/resource-center/definitions/cookies. Accessed 15 Apr 2021
An overview of HTTP - HTTP | MDN. https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview. Accessed 15 Apr 2021
East African Community. https://www.eac.int/. Accessed 15 Apr 2021
Data protection, GOV.UK. https://www.gov.uk/data-protection. Accessed 15 Apr 2021
Libert, T.: An automated approach to auditing disclosure of third-party data collection in website privacy policies. Reuters Institute for the Study of Journalism (2018)
Borena, B., Belanger, F., Egigu, D.: Information privacy protection practices in Africa: a review through the lens of critical social theory. IEEE Xplore (2015)
The United Nations Conference and on Trade and Development, Data Protection and Privacy Legislation Worldwide | UNCTAD. https://unctad.org/page/data-protection-and-privacy-legislation-worldwide. Accessed 13 Apr 2021
GSMA: The State of Mobile Internet Connectivity Report 2020 - Mobile for Development, Mobile for Development (2019). https://www.gsma.com/r/somic/. Accessed 13 Apr 2021
Mamakou, X.J., Kardaras, D.K., Papathanassiou, E.A.: Evaluation of websites’ compliance to legal and ethical guidelines: a fuzzy logic–based methodology. J. Inf. Sci. 44(4), 425–442 (2018)
Information Commissioner’s Office (ICO): The benefits of data protection laws. https://ico.org.uk/for-organisations/sme-web-hub/the-benefits-of-data-protection-laws/. Accessed 12 Mar 2021
Adedayo, L., Butakov, S., Ruhl, R., Lindskog, D.: E-Government web services and security of Personally Identifiable Information in developing nations a case of some Nigerian embassies. In: 8th International Conference for Internet Technology and Secured Transactions (ICITST 2013), pp. 623–629 (2013)
Mamakou, X.J., Kardaras, D.K., Papathanassiou, E.A.: Evaluation of websites compliance to legal and ethical guidelines: a fuzzy logic–based methodology. J. Inf. Sci. 44(4), 425–442 (2018)
Mutimukwe, C., Kolkowska, E., Grönlund, Å.: Information privacy practices in e-government in an African least developing country, Rwanda. Electron. J. Inf. Syst. Dev. Ctries. 85(2), e12074 (2019)
Ruhwanya, Z.S.: Attitudes toward, and awareness of, online privacy and security: a quantitative comparison of East Africa and U.S. internet users. Thesis, Kansas State University (2015)
Omariba, Z.B., Masese, N.B.: Security and privacy of electronic banking. Int. J. Comput. Sci. Issues 9(4), 432–446 (2012)
Mutimukwe, C., Kolkowska, E., Grönlund, Å.: Trusting and adopting e-government services in developing countries? Privacy concerns and practices in Rwanda. In: Janssen, M., et al. (eds.) EGOV 2017. LNCS, vol. 10428, pp. 324–335. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64677-0_27
Aladeokin, A., Zavarsky, P., Memon, N.: Analysis and compliance evaluation of cookies-setting websites with privacy protection laws. In: 12th International Conference on Digital Information Management, ICDIM 2017, vol. 2018, pp. 121–126, January2017
Bashir, M.A., Arshad, S., Kirda, E., Robertson, W., Wilson, C.: How tracking companies circumvented ad blockers using WebSockets. In: Proceedings of the Internet Measurement Conference (2018)
Papadopoulos, P., Kourtellis, N., Markatos, E.: Cookie synchronization: everything you always wanted to know but were afraid to ask. In: The World Wide Web Conference on - WWW 2019 (2019)
Abdulrauf, L.A.: Giving ‘teeth’ to the African Union towards advancing compliance with data privacy norms. Inf. Commun. Technol. Law 30(2), 1–21 (2020)
Alexa - Top Sites for Countries. https://www.alexa.com/topsites/countries. Accessed 15 Apr 2021
Libert, T.: timlib/webXray (2021). https://github.com/timlib/webXray. Accessed 14 May 2021
Alexa - Top Sites in Kenya – Alexa. https://www.alexa.com/topsites/countries/KE. Accessed 28 Apr 2021
Alexa - Top Sites in Tanzania – Alexa. https://www.alexa.com/topsites/countries/TZ. Accessed 28 Apr 2021
Alexa - Top Sites in Uganda – Alexa. https://www.alexa.com/topsites/countries/UG. Accessed 28 Apr 2021
Ugwire Top 10 Most Visited Websites In Rwanda 2021 Popular. https://ugwire.com/top-10-most-visited-websites-rwanda/. Accessed 28 Apr 2021
Burundi: Websites in Burundi. https://index.woorank.com/en/reviews?countries=BI. Accessed 28 Apr 2021
Most Popular Websites In Burundi. https://webchart.org/countries/statistics/BI. Accessed 28 Apr 2021
Flesch, R.: A new readability yardstick. J. Appl. Psychol. 32(3), 221–233 (1948)
Maris, E., Libert, T., Henrichsen, J.: Tracking sex: the implications of widespread sexual data leakage and tracking on porn websites. arXiv[cs.CY] (2019)
McDonald, A., Cranor, L.: The cost of reading privacy policies. I/S J. Law Policy Inf. Soc. 4 (2008)
Oltramari, A., et al.: PrivOnto: A semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018)
Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information (2015)
Grossman, J.: The state of website security. IEEE Secur. Priv. 10(4), 91–93 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mohamed, A., Olanrewaju, A.E., Dare, C., Tanui, M., Lami, F.B. (2023). State of Security and Privacy Practices of Top Websites in the East African Community (EAC). In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_27
Download citation
DOI: https://doi.org/10.1007/978-3-031-18458-1_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18457-4
Online ISBN: 978-3-031-18458-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)