Linux User Group of Mauritius Promoting open source software in our beautiful island

26 Sep 2015

Privacy Compliance Assessment in Mauritius

Posted by Ish

Privacy is a subject that is poorly understood in Mauritius. I often see local websites collecting information through contact forms yet having no privacy policy, or sometimes the policy is a mere “copy & paste” written without considering compliance with the Data Protection Act 2004 of Mauritius.

Compliance with the Data Protection Act can be a cumbersome process for many. Some might even ignore it, as very few people ever ask about privacy in Mauritius. Nonetheless, the law remains the law. To help make privacy simpler to understand and comply with, several months ago Nadim Bundhoo, Nirvan Pagooah, Ajay Ramjatan, S. Moonesamy and I collaborated on a project, which we called the “Privacy Compliance Assessment” webapp.

The Privacy Compliance Assessment web application can be accessed at http://www.elandsys.com/~sm/privacy-mu.

As per the Data Protection Act, a “data controller” is a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and the manner in which any personal data are, or are to be, processed.

A data controller needs to make sure that the procedures set for the collection, processing and storage of personal data are compliant with the Data Protection Act 2004 of Mauritius.

We’re thankful to the Data Protection Commissioner, Mrs. Drudeisha Madhub, and her team, who provided us with the relevant information. The Data Protection Office helped us throughout the project with regular reviews and suggested amendments.

The Data Protection Commissioner accepted our invitation to introduce the webapp and do a presentation during the Developers Conference 2015.

How does the app work?

The application runs on the client side, that is, in your Internet browser. The assessment takes you through a series of questions that can be answered with a Yes/No toggle button. At the end of the assessment, you’re told whether your organization is compliant with the Data Protection Act 2004. The information that you provide is not sent back to the server. You may run the assessment as many times as you require.

The web application is released under the GNU General Public License (GPL) version 2. You may use the app, modify it and redistribute it as allowed under GNU GPLv2.

We aim to present “privacy” in a simple way and make “privacy compliance” a bit of a fun thing to achieve :)


On 15 May 2014, I highlighted a major privacy breach on the mnic.mu website where personal data collected through Google Forms were exposed on the Internet.

On 1 June 2014, I reported a data leak on the government web portal that affected over 9,000 people.

On 7 July 2014, I presented security flaws on the government web portal that could lead to data leakage.

On 5 October 2014, I wrote about my concerns over the use of face recognition CCTV cameras in urban areas of Mauritius.

On 3 October 2014, S. Moonesamy reported privacy concerns with konetou advertising.

On 21 September 2015, S. Moonesamy wrote to the Government Online Centre regarding the “privacy policy” of www.govmu.org.

On 23 September 2015, I wrote to the Ministry of Technology, Communication and Innovation, highlighting my concerns as to the collection of personal data through the “login captcha” on the government web portal.

The post Privacy Compliance Assessment in Mauritius appeared first on HACKLOG.