Evaluating privacy compliance and usability risks in Bangladeshi mobile applications: a GDPR-based sectoral study
Date
2025-06
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
BRAC University
Abstract
The ever-growing increase of mobile applications in Bangladesh has intensified concerns
over personal data privacy and regulatory compliance. Most of the mobile
applications in Bangladesh treat sensitive user data with ambiguous or poor privacy
regulation models, which subject customers to the risk of high privacy and security.
This research performs an analysis of privacy compliance and usability risks
of 32 popular Bangladeshi mobile applications in four major sectors: Healthcare,
E-Commerce, Entertainment and mobile financial services on the basis of the European
General Data Protection Regulation (GDPR) as one of the global standards,
In our study, we focus on exploring how the GDPR compliance of Bangladesh mobile
apps is presented in their privacy policies and how the definitions of such statements,
whether in the form of explicit obligations or in the form of vague non-committal
statements, affect the actual rate of compliance. The sector-based analysis reveals
that e-commerce apps and healthcare apps showed a better range of compliance
scores in the positive language framing context, whereas negative constructions in
all the sectors showed the least compliance scores, which is an indicator of latent
privacy risk. This study finds the outcome that identifies sector-specific faults and illustrates
the effects of privacy policy wording on privacy usability as well as security
usability in less developed nations such as Bangladesh. Regulators and policymakers
can use the findings to design actionable insights that can guide decision-makers,
app developers, and similar stakeholders interested in improving privacy governance
and better protecting the data of digital users in dynamic online environments.
Description
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 39-40).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.
Includes bibliographical references (pages 39-40).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.
Keywords
GDPR, Privacy policy, Data protection, Mobile applications, General Data Protection Regulation
