What privacy issues does the collection and use of personal data create?
The privacy issues raised by digital technology: what personal data is, how it is collected and used by organisations and websites, the risks to individuals, and the tension between convenience, security and privacy.
An OCR J277 1.6.1 answer on the privacy issues digital technology raises: what counts as personal data, how organisations and websites collect and use it, the risks to individuals, and the trade-off between convenience and privacy.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
OCR wants you to understand the privacy issues that come with modern digital technology: what personal data is, how organisations and websites collect it, what they do with it, the risks to individuals, and the constant trade-off between convenience and privacy. Privacy is one of the five impact categories, and it appears both in short questions and in the extended-response question on Paper 1.
What personal data is
How data is collected and used
A cookie is the example OCR returns to most often. A first-party cookie set by the site you are on can be useful, remembering your login or basket. A third-party cookie set by an advertiser embedded in many sites follows you around the web, building a picture of your interests, which is the part that worries privacy campaigners.
The risks to individuals
Convenience versus privacy
The thread running through this topic is a trade-off: the more personal data you share, the more useful and personalised a service becomes, but the more exposed you are if that data is misused or leaked. There is rarely a free lunch; a "free" app is often paid for with your data. Strong exam answers name this tension explicitly and then take a reasoned position, usually that organisations should collect only what they need (data minimisation), be transparent about it, keep it secure, and give users real control.
Try this
Q1. State what is meant by personal data and give two examples. [2 marks]
- Cue. Information that can identify a living individual, for example a name, address, date of birth, photo, location or IP address.
Q2. Explain what a cookie is and one privacy concern it raises. [2 marks]
- Cue. A small file stored on the user's device that tracks their browsing; the concern is being tracked across sites for advertising, or the data being shared with third parties, without the user realising.
Q3. Give one benefit and one privacy risk of a shop using a loyalty card scheme. [2 marks]
- Cue. Benefit: the customer gets discounts and the shop can offer relevant offers. Risk: the shop builds a detailed record of everything the customer buys, which could be shared or leaked.
Exam-style practice questions
Practice questions written in the style of OCR exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
OCR 20216 marksA social media app collects large amounts of personal data about its users. Discuss the privacy issues this raises, considering both the users and the company. You should include the benefits and drawbacks in your answer.Show worked answer →
A 6-mark levels-of-response question, so give a balanced discussion with developed points on both sides, not a list.
Benefits to users: a free service, personalised content and recommendations, and being able to connect with friends. Benefits to the company: data lets it target advertising precisely, which is how it earns money.
Drawbacks and risks: users often do not realise how much is collected (location, contacts, browsing, time spent). The data can be sold to third parties, used to manipulate what users see, leaked in a data breach, or used for identity theft. There is also the question of consent: agreeing to long terms and conditions nobody reads is not really informed consent.
Markers reward at least two developed points (point, consequence, who is affected) on each side and a conclusion, for example that the convenience is real but the company should collect only what it needs and be transparent about it.
OCR 20224 marksExplain two ways that a website might collect personal data about a visitor, and for each give one reason the visitor might be concerned.Show worked answer →
Award up to two marks per way (one for the method, one for the concern), to a maximum of four.
Cookies: small files stored on the visitor's device that track what they view across pages and visits. Concern: the visitor is tracked across sites for advertising without realising, or the data is shared with third parties.
Account and form data: information the visitor types in (name, email, address, payment details) when signing up or buying. Concern: if the site is hacked or careless, this data could be stolen and used for fraud or identity theft.
Other valid methods: tracking pixels, location data from the device, or recording IP addresses. Markers reward a clear method paired with a genuine privacy concern, not two versions of the same point.
Related dot points
- Legislation relevant to computer science: the Data Protection Act 2018, the Computer Misuse Act 1990, the Copyright, Designs and Patents Act 1988, and software licensing (open source versus proprietary).
An OCR J277 1.6.1 answer on the key computing laws: the Data Protection Act 2018, the Computer Misuse Act 1990 and its three offences, the Copyright, Designs and Patents Act 1988, and the difference between open source and proprietary software licensing.
- How to investigate and discuss computer science technologies while considering ethical, legal, cultural, environmental and privacy issues, and how to identify the stakeholders affected by a given technology.
An OCR J277 1.6.1 answer on how to investigate a digital technology against the five impact categories (ethical, legal, cultural, environmental and privacy), how to identify the stakeholders affected, and how to structure a balanced extended-response answer.
- The cultural impacts of digital technology: the digital divide, changes to work and jobs through automation, the effect of social media and the internet on behaviour and society, and issues of access and inclusion.
An OCR J277 1.6.1 answer on the cultural impacts of digital technology: the digital divide and unequal access, automation and the changing job market, the effects of social media and the internet on society, and issues of inclusion.
- The forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as a weak point.
An OCR J277 1.4.1 answer on the forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as the weak point.
- Methods to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
An OCR J277 1.4.2 answer on the methods used to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
Sources & how we know this
- OCR GCSE (9-1) Computer Science (J277) specification — OCR (2020)