Evaluating privacy compliance and usability risks in Bangladeshi mobile applications: a GDPR-based sectoral study

Thumbnail Image

Date

2025-06

Journal Title

Journal ISSN

Volume Title

Publisher

BRAC University

Abstract

The ever-growing increase of mobile applications in Bangladesh has intensified concerns over personal data privacy and regulatory compliance. Most of the mobile applications in Bangladesh treat sensitive user data with ambiguous or poor privacy regulation models, which subject customers to the risk of high privacy and security. This research performs an analysis of privacy compliance and usability risks of 32 popular Bangladeshi mobile applications in four major sectors: Healthcare, E-Commerce, Entertainment and mobile financial services on the basis of the European General Data Protection Regulation (GDPR) as one of the global standards, In our study, we focus on exploring how the GDPR compliance of Bangladesh mobile apps is presented in their privacy policies and how the definitions of such statements, whether in the form of explicit obligations or in the form of vague non-committal statements, affect the actual rate of compliance. The sector-based analysis reveals that e-commerce apps and healthcare apps showed a better range of compliance scores in the positive language framing context, whereas negative constructions in all the sectors showed the least compliance scores, which is an indicator of latent privacy risk. This study finds the outcome that identifies sector-specific faults and illustrates the effects of privacy policy wording on privacy usability as well as security usability in less developed nations such as Bangladesh. Regulators and policymakers can use the findings to design actionable insights that can guide decision-makers, app developers, and similar stakeholders interested in improving privacy governance and better protecting the data of digital users in dynamic online environments.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 39-40).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.

Keywords

GDPR, Privacy policy, Data protection, Mobile applications, General Data Protection Regulation

Citation

Endorsement

Review

Supplemented By

Referenced By