What laws protect data and govern the use of computers?
Understand privacy issues and the key UK legislation, including the Data Protection Act, the Computer Misuse Act and copyright law.
A focused answer to AQA GCSE Computer Science 3.8, covering privacy issues and the key UK laws, including the Data Protection Act, the Computer Misuse Act and copyright law.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
AQA wants you to understand privacy issues raised by technology and the purpose of the key UK laws: the Data Protection Act, the Computer Misuse Act and copyright law.
Privacy
The Data Protection Act
The Computer Misuse Act
Copyright law
How the three laws fit together
The three laws cover different but complementary areas, and a single incident can involve more than one. Imagine an attacker who hacks into a company's server (Computer Misuse Act, unauthorised access), steals a database of customers' personal details (a Data Protection Act failure if the company stored them insecurely, and a further offence by the attacker), and then copies and sells the company's licensed software (copyright infringement). Keeping the laws straight is easiest if you remember the one word each protects: Data Protection protects personal data, Computer Misuse protects against unauthorised access, and copyright protects original creative work. In a scenario question, identify the action first, then name the matching law and say what it covers.
Why privacy matters more as technology grows
Privacy has become a bigger concern because technology makes personal data so easy to gather, store, combine and share, often without people realising. Websites track browsing, apps request location and contacts, and companies build detailed profiles from many small pieces of data. The risk is that data collected for one purpose is used for another, sold on, or leaked in a breach. This is why the Data Protection Act sets rules such as using data only for its stated purpose and keeping it secure, giving people some control over information held about them and holding organisations responsible for protecting it.
Try this
Q1. State the purpose of the Data Protection Act. [2 marks]
- Cue. To control how organisations collect, store and use personal data, requiring it to be handled fairly and securely.
Q2. State what the Computer Misuse Act makes illegal. [2 marks]
- Cue. Gaining unauthorised access to computer systems or data, such as hacking, and making unauthorised changes.
Exam-style practice questions
Practice questions written in the style of AQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AQA 20194 marksState which UK law applies in each of the following cases and justify each choice: a person gains unauthorised access to a school's network; a student copies and sells a popular game; and a company stores customers' details insecurely so they are leaked.Show worked answer →
Unauthorised access to the network: the Computer Misuse Act, because it makes gaining unauthorised access to computer systems or data (hacking) a crime.
Copying and selling a game: copyright law, because the game is an original work protected by copyright, so copying, sharing or selling it without the owner's permission is illegal.
Storing customer details insecurely so they leak: the Data Protection Act, because it requires organisations to keep personal data secure and handle it properly, which storing it insecurely breaches.
Markers reward the correct law for each case with a justification tied to what that law covers, not just naming the laws.
AQA 20214 marksExplain what is meant by privacy in the context of digital technology, and describe two requirements the Data Protection Act places on organisations that hold personal data.Show worked answer →
Privacy is a person's right to control their own personal information and decide how it is collected, stored and used. Technology makes data easy to gather and share, so privacy is at risk if data is used in ways the person did not agree to.
Two requirements of the Data Protection Act: personal data must be kept secure (protected against loss or unauthorised access), and it must be used only for the stated, lawful purpose it was collected for. Other valid points: kept accurate, not kept longer than needed, handled fairly, with people having rights over their data.
Markers reward a clear definition of privacy and two distinct, correct requirements of the Act.
Related dot points
- Understand the ethical, legal and cultural issues raised by digital technology and how stakeholders are affected.
A focused answer to AQA GCSE Computer Science 3.8, covering the ethical, legal and cultural issues raised by digital technology and how different stakeholders are affected.
- Understand the environmental impact of digital technology, including energy use, e-waste and the use of finite raw materials, and how impacts can be reduced.
A focused answer to AQA GCSE Computer Science 3.8, covering the environmental impact of digital technology, including energy use, e-waste and finite raw materials, and how impacts can be reduced.
- Understand the methods used to keep a network secure, including authentication, encryption, firewalls and MAC address filtering.
A focused answer to AQA GCSE Computer Science 3.5.4, covering the methods used to keep a network secure, including authentication, encryption, firewalls and MAC address filtering.
- Understand the main cyber security threats, including the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
A focused answer to AQA GCSE Computer Science 3.6, covering the main cyber security threats, the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
Sources & how we know this
- AQA GCSE Computer Science (8525) specification — AQA (2020)