Privacy and web analytics in whistleblowing channels
Vuorinen, Esko (2024-04-11)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2024042220190
Abstract
In today’s digital landscape, where data is collected in virtually every interaction between users and websites, safeguarding users’ privacy has become paramount. This is even more critical for applications that handle sensitive information, such as whistleblowing channels, where preserving the anonymity of reporters is extremely important. The EU whistleblower directive mandated that larger corporations establish these channels to promote transparency and accountability within their organizations. This thesis discusses how well Finnish companies have established safe and trustworthy whistleblowing channels by examining what kind of information is leaked during the whistleblowing process and whether it can lead to the identification of a user.
The thesis starts by introducing the legislation relevant to data management within whistleblowing channels in Finland, mainly the GDPR and the whistleblowing directive, along with Finland’s implementation of these regulations. Following this, the thesis goes over what kinds of privacy risks and threats exist inside whistleblowing channels. Subsequently, two case studies are carried out to show how well the 15 biggest companies in Finland protect the privacy of the whistleblower during the use of each company’s whistleblowing channel. The thesis also looks into how dark patterns, i.e. deceptive designs, inside the companies’ cookie banners are used to manipulate users into making decisions that do not benefit them. Additionally, the thesis assesses the clarity and comprehensibility of the companies’ privacy policies, focusing on how well they are written in terms of transparency and understandability. Based on the research done in this thesis, all of the 15 companies leaked data that could lead to the identification of the reporter. Furthermore, most of the companies fell short in terms of both the effectiveness of the content in their privacy policies and the harmful usage of dark patterns in their cookie banners.