Journal of Information Systems and Informatics (Dec 2024)
Evaluating Data Privacy Compliance of South African E-Commerce Websites Against POPIA
Abstract
South African e-commerce websites must comply with the Protection of Personal Information Act (POPIA) to process customers' personal information. However, limited research exists about data privacy implementation within these websites. This study assesses the extent of data privacy integration in 50 SA e-commerce websites. The assessment uses 57 evaluation criteria developed in the initial phases of the study, mapped to POPIA and refined in this study. While some e-commerce websites meet the requirements, significant improvements are required to safeguard users' personal information. Key areas requiring attention include processing consent, strong password management, and data quality, which was not ensured. Recommendations include clear data collection practices, explicit purpose specification, consent acquisition for processing, marketing preferences and sharing with third parties, data quality maintenance and enhanced security measures for passwords. Many online privacy policies fail to cover all POPIA privacy conditions, and specific recommendations for content are included. These findings highlight a critical need for stronger data privacy practices in South African e-commerce to protect customer information. The refined evaluation criteria are a novel contribution for use by organisations to assess or develop their websites to operationalise POPIA requirements, supporting better self-assessment and integration of data privacy measures.
Keywords