Privacy issues in digital technology
Privacy is the right of individuals to control information about themselves. Digital technology has made it easier than ever to collect, store and share personal data — often without people's full awareness. AQA GCSE requires you to understand tracking, profiling, biometric data, the right to be forgotten, informed consent and lawful data sharing.
Tracking
Tracking is the collection of data about a person's activities, location or behaviour over time.
Methods:
| Method | How it works |
|---|---|
| Cookies | Small files stored in the browser; websites use them to remember users and track visits across sessions |
| Browser fingerprinting | Identifying a user by their unique combination of browser, OS, plugins and screen resolution |
| IP address logging | Websites record visitor IP addresses; can reveal approximate location |
| GPS location | Apps request location permissions and record movements |
| Purchase history | Loyalty cards and payment data reveal shopping habits |
| Social media | Likes, follows and posts tracked to infer interests, political views, health status |
Concern: Users are often unaware of the extent of tracking. Data collected in one context (e.g. health app) may be shared with third parties in unexpected ways.
Profiling
Profiling is building a detailed picture of an individual from aggregated data.
Profiles are used for:
- Targeted advertising — showing ads based on inferred interests
- Credit scoring — banks assess lending risk from financial behaviour
- Insurance pricing — health and lifestyle data affects premiums
- Political messaging — parties target voters with personalised content (Cambridge Analytica scandal)
- Employment screening — employers search social media before interviews
Concerns:
- Profiles may contain inaccurate inferences
- People cannot see or correct their profiles in many cases
- Discrimination can arise from automated profiling decisions
Biometric data
Biometric data is physiological or behavioural data that uniquely identifies a person.
Examples: fingerprints, facial geometry, iris scans, voice recognition, gait analysis, DNA.
Uses:
- Unlocking phones
- Border control and passport gates
- Employee time and attendance systems
- Law enforcement databases
Why biometrics raise privacy concerns:
- Unlike a password, you cannot change your fingerprint or face if it is compromised
- Large-scale facial recognition in public spaces enables mass surveillance
- Biometric databases are high-value targets for hackers
- Under GDPR/DPA 2018, biometric data is special category data requiring explicit consent
The right to be forgotten
The right to erasure (often called "right to be forgotten") is enshrined in the DPA 2018 / GDPR. Individuals can request that organisations delete their personal data when:
- The data is no longer necessary for the original purpose
- Consent has been withdrawn
- The data was unlawfully processed
- A legal obligation requires deletion
Limitations:
- Does not apply when there is a legitimate legal reason to keep the data (e.g. tax records, public-interest journalism)
- Technically difficult — data may have been copied or cached by third parties
- Search engines must delist certain URLs from results (Google receives thousands of such requests monthly)
Informed consent and lawful data sharing
Informed consent means a person must be clearly told:
- What data is being collected
- How it will be used
- Who it will be shared with
- How long it will be kept

…before they agree to its collection. Pre-ticked boxes and buried terms do not constitute valid consent under DPA 2018.
Lawful bases for data sharing (DPA 2018):
- Consent — freely given, specific, informed and withdrawable
- Contract — processing necessary to fulfil a contract
- Legal obligation — required by law
- Vital interests — to protect life
- Public task — official functions
- Legitimate interests — proportionate business need
Data can only be shared with third parties if there is a lawful basis. Selling personal data without consent is illegal.
Balancing privacy and other values
Privacy sometimes conflicts with:
- Security — governments argue surveillance prevents terrorism
- Convenience — personalised services require data collection
- Public health — contact tracing apps share location/contact data
The key principle: data minimisation — collect only what is genuinely needed, and use it only for the stated purpose.