Legal issues and key UK legislation
The UK has three key pieces of legislation that govern how digital technology is used, along with Creative Commons licensing for creative works. Every GCSE Computer Science student needs to know what each one covers.
Data Protection Act 2018 (DPA 2018)
The DPA 2018 incorporates the EU's General Data Protection Regulation (GDPR) into UK law. It controls how personal data (any information that can identify a living person) is collected, stored and used.
Key principles — personal data must be:
- Processed lawfully, fairly and transparently
- Collected for specified, explicit, legitimate purposes only
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Kept no longer than necessary
- Processed securely
Rights of individuals:
- Right to access data held about them
- Right to have inaccurate data corrected
- Right to erasure ("right to be forgotten")
- Right to object to processing
Who enforces it: The Information Commissioner's Office (ICO). Fines can reach £17.5 million or 4% of global turnover.
Example: A school stores student exam results. Under DPA 2018, this data must be kept secure, used only for educational purposes, and deleted when no longer needed.
Computer Misuse Act 1990 (CMA)
The CMA makes it illegal to access or modify computer systems without authorisation.
Three offences:
| Offence | Example | Maximum sentence |
|---|---|---|
| Unauthorised access to computer material | Guessing someone's password to read their emails | 2 years |
| Unauthorised access with intent to commit further offences | Hacking a bank to commit fraud | 5 years |
| Unauthorised modification of computer material | Releasing malware; deleting files; installing ransomware | 10 years |
The Act has been updated to also cover denial-of-service attacks.
Who is affected: Hackers, but also employees who access systems beyond their authorisation, or anyone who installs software without permission.
Copyright, Designs and Patents Act 1988 (CDPA)
The CDPA protects original creative works — including software, music, films, images and text. The creator automatically owns copyright; they do not need to register.
What it means for computing:
- Copying, distributing or modifying software without a licence is illegal
- Downloading pirated films or music is illegal
- Using copyrighted images on a website without permission is illegal
- Copyright lasts the creator's lifetime + 70 years
Software licences:
- Proprietary/commercial — pay for a licence; usually cannot modify
- Open source — free to use/modify, but must follow the licence terms (e.g. GPL)
- Freeware — free to use but cannot modify
Creative Commons
Creative Commons CC is a licensing system that lets creators share work legally with specific permissions. It sits within copyright law — creators choose how their work can be used.
Common CC licence elements:
- BY — must credit the creator
- SA (ShareAlike) — derivatives must use the same licence
- NC (NonCommercial) — may not be used for commercial purposes
- ND (NoDerivatives) — cannot create derivative works
Example: CC BY-NC means you can use the image freely if you credit the creator and don't sell it.
Exam tip
Questions often ask you to identify which law applies to a given scenario:
- Data collected/stored about people → DPA 2018
- Hacking, malware, unauthorised access → CMA 1990
- Copying software/music/images without permission → CDPA 1988
AI-generated · claude-opus-4-7 · v3-deep-computer-science