One Year After the PDPL: a Glimpse into the E-Commerce World in Saudi Arabia

• URL: http://arxiv.org/abs/2602.18616v2
• Date: Thu, 26 Feb 2026 21:56:24 GMT
• Title: One Year After the PDPL: a Glimpse into the E-Commerce World in Saudi Arabia
• Authors: Eman Alashwali, Abeer Alhuzali,
• Abstract summary: Saudi Arabia's Personal Data Protection Law came into force in 2024.<n>We analyzed 100 e-commerce websites in Saudi Arabia against the PDPL.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: In 2024, Saudi Arabia's Personal Data Protection Law (PDPL) came into force. However, little work has been done to assess its implementation. In this paper, we analyzed 100 e-commerce websites in Saudi Arabia against the PDPL, examining the presence of a privacy policy and, if present, the policy's declarations of four items pertaining to personal data rights and practices: a) personal data retention period, b) the right to request the destruction of personal data, c) the right to request a copy of personal data, and d) a mechanism for filing complaints. Our results show that, despite national awareness and support efforts, a significant fraction of e-commerce websites in our dataset are not fully compliant: only 31% of websites in our dataset declared all four examined items in their privacy policies. Even when privacy policies included such declarations, a considerable fraction of them failed to cover required fine-grained details. Second, the majority of top-ranked e-commerce websites (based on search results order) and those hosted on local e-commerce hosting platforms exhibited considerably higher non-compliance rates than mid- to low-ranked websites and those not hosted on local e-commerce platforms. Third, we assessed the use of Large Language Models (LLMs) as an automated tool for privacy policy analysis to measure compliance with the PDPL. We highlight the potential of LLMs and suggest considerations to improve LLM-based automated analysis for privacy policies. Our results provide a step forward in understanding the implementation barriers to data protection laws, especially in non-Western contexts. We provide recommendations for policymakers, regulators, website owners, and developers seeking to improve data protection practices and automate compliance monitoring.

Related papers

• A BERT-based Empirical Study of Privacy Policies' Compliance with GDPR [9.676166100354282]
  This study aims to address challenge of compliance analysis between privacy policies for 5G networks. We manually collected privacy policies from almost 70 different MNOs and we utilized an automated BERT-based model for classification. In addition, we present first empirical evidence on the readability of privacy policies for 5G network. we adopted incorporates various established readability metrics.
  arXiv  Detail & Related papers  (2024-07-09T11:47:52Z)
• The Data Minimization Principle in Machine Learning [61.17813282782266]
  Data minimization aims to reduce the amount of data collected, processed or retained. It has been endorsed by various global data protection regulations. However, its practical implementation remains a challenge due to the lack of a rigorous formulation.
  arXiv  Detail & Related papers  (2024-05-29T19:40:27Z)
• Crumbled Cookie Exploring E-commerce Websites Cookie Policies with Data Protection Regulations [7.515555018682104]
  Many websites continue to use cookies to track user activities. Motivated by the question of why these data protection violations occur, we examined whether websites in multiple countries comply with regulations.
  arXiv  Detail & Related papers  (2024-01-11T10:49:14Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• The Saudi Privacy Policy Dataset [0.0]
  The paper introduces a diverse compilation of privacy policies from various sectors in Saudi Arabia. The final dataset includes 1,000 websites belonging to 7 sectors, 4,638 lines of text, 775,370 tokens, and a corpus size of 8,353 KB. The paper aims to further research and development in the areas of privacy policy analysis, natural language processing, and machine learning applications related to privacy and data protection.
  arXiv  Detail & Related papers  (2023-04-05T21:40:37Z)
• No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy" [75.98836424725437]
  New methods designed to preserve data privacy require careful scrutiny. Failure to preserve privacy is hard to detect, and yet can lead to catastrophic results when a system implementing a privacy-preserving'' method is attacked.
  arXiv  Detail & Related papers  (2022-09-29T17:50:23Z)
• Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
  Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data. FL and related techniques are often described as privacy-preserving. We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
  arXiv  Detail & Related papers  (2021-12-21T08:44:05Z)
• Tracking in apps' privacy policies [3.8073142980733]
  We analysed privacy policies from 26,910 mobile apps in May 2019. 52 developers of apps did not provide privacy policy and asked them about data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.
  arXiv  Detail & Related papers  (2021-11-15T16:03:59Z)
• AI-enabled Automation for Completeness Checking of Privacy Policies [7.707284039078785]
  In Europe, privacy policies are subject to compliance with the General Data Protection Regulation. In this paper, we propose AI-based automation for completeness checking privacy policies.
  arXiv  Detail & Related papers  (2021-06-10T12:10:51Z)
• Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset [6.060757543617328]
  We develop a crawler that discovers, downloads, and extracts archived privacy policies from the Internet Archive's Wayback Machine. We curated a dataset of 1,071,488 English language privacy policies, spanning over two decades and over 130,000 distinct websites. Our data indicate that self-regulation for first-party websites has stagnated, while self-regulation for third parties has increased but is dominated by online advertising trade associations.
  arXiv  Detail & Related papers  (2020-08-20T19:00:37Z)
• A vision for global privacy bridges: Technical and legal measures for international data markets [77.34726150561087]
  Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil" An open conflict is arising between business demands for data and a desire for privacy. We propose and test a vision of a personal information market with privacy.
  arXiv  Detail & Related papers  (2020-05-13T13:55:50Z)
• GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
  We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
  arXiv  Detail & Related papers  (2020-05-04T22:01:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.