Issues & Impact

Key Topics in Detail

The Law

Several UK laws are relevant to computer science. You need to know the key points of each for your exam. Being able to name the correct law and explain its key provisions is essential for high marks. Pay close attention to the differences between each law — students often confuse them.

Data Protection Act 2018 / UK GDPR

This law controls how personal data (any information that can identify a living person) is collected, stored, and used. It replaced the Data Protection Act 1998 and incorporates the EU’s General Data Protection Regulation (GDPR) into UK law.

Key principles — Personal data must be:

• Processed lawfully, fairly, and transparently
• Collected for a specific, stated purpose and not used for anything else
• Adequate, relevant, and not excessive — only collect what you actually need
• Accurate and kept up to date
• Not kept longer than necessary
• Kept secure (protected against unauthorised access, loss, or damage)

Your rights under the DPA 2018 / UK GDPR include:

• The right to access any personal data an organisation holds about you
• The right to have inaccurate data corrected
• The right to have your data deleted (“the right to be forgotten”)
• The right to object to your data being used for marketing
• The right to know what data is being collected and why

Real-world cases:

• Facebook / Cambridge Analytica (2018) — The political consulting firm Cambridge Analytica harvested personal data from millions of Facebook users without their consent. The data was used to build psychological profiles and target political advertisements during the 2016 US election and the EU referendum. Facebook was fined £500,000 by the ICO (the maximum under the old 1998 Act). This scandal was a major catalyst for stronger data protection enforcement worldwide.
• British Airways data breach (2018) — Hackers stole the personal and financial details of approximately 400,000 customers from the British Airways website and app. The ICO initially proposed a record £183 million fine under the new GDPR rules, which was later reduced to £20 million. The case demonstrated that organisations have a legal duty to keep customer data secure, and that failing to do so carries serious consequences.

Computer Misuse Act 1990

This law makes it illegal to access or modify computer systems without permission. It was introduced in response to growing cyber crime and has three main offences:

1. Unauthorised access to computer material — Accessing a computer system without permission (e.g. hacking into someone’s email). Up to 2 years in prison.
2. Unauthorised access with intent to commit a further offence — Hacking with the aim of committing another crime (e.g. accessing a bank system to steal money). Up to 5 years in prison.
3. Unauthorised modification of computer material — Changing data without permission (e.g. deleting files, planting a virus, encrypting data with ransomware). Up to 10 years in prison.

A later amendment added: Making, supplying, or obtaining tools for use in computer misuse offences (e.g. creating and distributing hacking tools or malware).

Real-world cases:

• Gary McKinnon (2001–2002) — A British systems administrator who hacked into 97 US military and NASA computers from his bedroom in London. He claimed he was looking for evidence of UFOs, but US authorities said he caused over £500,000 worth of damage by deleting critical files and shutting down military networks. The US sought his extradition, but in 2012 the Home Secretary blocked it on human rights grounds due to his Asperger syndrome diagnosis. The case highlighted the international reach of the CMA and the difficulty of prosecuting cross-border cyber crime.
• TalkTalk data breach (2015) — The telecoms company TalkTalk suffered a major cyber attack in which hackers accessed the personal data of nearly 157,000 customers, including bank account details. The attack was carried out partly by teenagers. TalkTalk was fined a then-record £400,000 by the ICO for failing to implement basic security measures. The company also lost over 100,000 customers and an estimated £60 million in costs. This case showed that both the attackers (prosecuted under the CMA) and the company (prosecuted under data protection law) could face legal consequences.

Copyright, Designs and Patents Act 1988

This law protects the creators of original work, including:

• Software and computer programs
• Music, films, and photographs
• Written content (books, articles, website text)
• Art and designs

It is illegal to copy, distribute, or modify someone’s copyrighted work without their permission. This includes pirating software, downloading films illegally, or copying code from a website without a licence. Penalties can include fines and imprisonment.

An important distinction exists between copyright and licensing. A copyright holder can choose to license their work under different terms. For example, a Creative Commons licence allows others to use and share work under certain conditions, while an open source software licence allows anyone to view and modify the source code. Understanding licensing is important for any computer scientist, as using code or content without an appropriate licence is a breach of copyright law.

Real-world cases:

• Napster (1999–2001) — Napster was one of the first widely-used peer-to-peer file-sharing services, allowing users to share MP3 music files for free. The Recording Industry Association of America (RIAA) sued Napster for facilitating mass copyright infringement. The courts ruled against Napster, and it was forced to shut down in 2001. The case established that platforms which enable copyright infringement can be held legally responsible, and it reshaped the entire music industry, eventually leading to legal streaming services like Spotify.
• The Pirate Bay (2009) — The founders of The Pirate Bay, a Swedish torrent website, were found guilty of assisting in copyright infringement. They were sentenced to one year in prison each and ordered to pay damages of approximately £2.7 million. Despite the convictions, the website continued to operate through mirror sites, illustrating how difficult it is to enforce copyright law on the global internet.

Freedom of Information Act 2000

This law gives the public the right to request information held by public authorities (such as government departments, the NHS, councils, police, and schools). The organisation must respond within 20 working days. Some information can be withheld if it relates to national security, personal data, or commercial interests.

The FOIA is an important tool for transparency and accountability. Journalists and members of the public regularly use it to uncover information about government spending, policy decisions, and public services. For example, FOI requests have revealed data about hospital waiting times, school inspection results, and local council expenditure. The Act does not apply to private companies — it only covers public bodies.

Regulation of Investigatory Powers Act 2000 (RIPA)

RIPA regulates the powers of public bodies to carry out surveillance and investigation. It covers the interception of communications (phone calls, emails, internet activity), the use of covert surveillance and informants, and the acquisition of communications data. RIPA was designed to ensure that surveillance is carried out lawfully and proportionately, but it has been criticised for giving authorities overly broad powers. It has since been supplemented by the Investigatory Powers Act 2016, which requires internet service providers to store records of websites visited by every citizen for 12 months.

Ethical Issues in Computing

Ethics in computing refers to the moral principles that guide decisions about how technology is designed, developed, and used. Unlike laws, which are enforced by authorities, ethics are about what should be done, not just what must be done. A technology can be perfectly legal but still raise serious ethical concerns. The following sections explore some of the most important ethical debates in modern computing.

AI Bias

Artificial intelligence systems learn from data. If that data contains biases (conscious or unconscious), the AI will reproduce and amplify those biases. For example:

• A recruitment AI trained on historical hiring data might discriminate against women if the company previously hired mostly men
• Facial recognition systems have been shown to be less accurate for people with darker skin tones because they were trained primarily on lighter-skinned faces
• Predictive policing algorithms may unfairly target certain communities based on biased historical crime data

The ethical question is: who is responsible when an AI makes a biased or unfair decision? The programmer? The company? The data provider? There is currently no clear legal framework for assigning responsibility in these cases, which is why governments around the world are developing AI regulation. The EU has proposed an AI Act that would classify AI systems by risk level and impose stricter rules on high-risk applications such as recruitment, healthcare, and law enforcement.

Autonomous Vehicles

Self-driving cars raise difficult moral questions. If an accident is unavoidable, how should the car decide what to do? Should it prioritise the safety of its passengers, or pedestrians? Who is legally responsible if an autonomous vehicle causes an accident — the passenger, the manufacturer, or the programmer who wrote the code?

These questions are not just theoretical. Several fatal accidents involving autonomous and semi-autonomous vehicles have already occurred. Current UK law requires a human driver to be in control at all times, but as the technology develops, the law will need to evolve. The UK government has been developing a framework for self-driving vehicles that considers questions of liability, insurance, and data protection.

Facial Recognition

Facial recognition technology can identify individuals from camera footage. It has legitimate uses (unlocking phones, finding missing persons, verifying identity at airports) but raises serious concerns:

• Mass surveillance without consent — Cameras equipped with facial recognition can track individuals as they move through public spaces without their knowledge or agreement
• Accuracy issues — Studies have shown the technology is significantly less accurate for people with darker skin tones and for women, raising serious discrimination concerns
• Potential for authoritarian misuse — In some countries, facial recognition is used to monitor and control citizens, suppress protests, and target minority groups
• The erosion of anonymity — The ability to move through public spaces without being identified is considered by many to be a fundamental right. Widespread facial recognition effectively removes this right

In 2020, the Court of Appeal ruled that South Wales Police’s use of automated facial recognition technology was unlawful because it did not adequately consider the impact on privacy and equality. This landmark ruling showed that even law enforcement must carefully balance the benefits of facial recognition against its risks to civil liberties.

Deepfake Technology

Deepfakes are AI-generated images, audio, or video that realistically imitate real people. The technology uses machine learning to swap faces, clone voices, or create entirely fabricated footage that is extremely difficult to distinguish from reality. Deepfakes raise several serious concerns:

• Misinformation — Deepfake videos of politicians or public figures saying things they never said could be used to manipulate elections and public opinion. During elections, a convincing fake video released at the right moment could influence millions of voters before fact-checkers have time to respond
• Identity theft and fraud — Criminals could use deepfake voice cloning to impersonate someone in phone calls to banks, employers, or family members. There have already been cases of fraudsters using AI-cloned voices to trick employees into transferring large sums of money
• Harassment — Deepfake technology has been used to create non-consensual intimate images of individuals, causing severe emotional harm. The UK’s Online Safety Act has made the sharing of such images a criminal offence
• Erosion of trust — If any video or audio recording can be faked, it becomes harder to trust genuine evidence, undermining journalism, the courts, and democratic debate. This is sometimes called the “liar’s dividend” — even real footage can be dismissed as a deepfake

Detecting deepfakes is an active area of research, but the technology is advancing faster than detection methods. Some experts argue that digital watermarking and content provenance standards (which track how and where digital content was created) may be more effective than trying to detect fakes after the fact.

Algorithmic Decision-Making

Algorithms increasingly make decisions that affect people’s lives — from determining who gets a loan or a job interview, to calculating insurance premiums, to deciding what content you see on social media. This raises important ethical questions:

• Accountability — If an algorithm denies someone a mortgage or a university place, who is responsible? The company? The developer? The algorithm itself?
• Transparency — Many algorithms are “black boxes” whose inner workings are not understood even by their creators. Should people have the right to an explanation of how an automated decision about them was made?
• Fairness — Algorithms trained on historical data can perpetuate existing inequalities. For example, if a postcode-based algorithm is used to set insurance prices, people in poorer areas may be charged more regardless of their individual circumstances.

Under the UK GDPR, individuals have the right not to be subject to decisions based solely on automated processing if those decisions significantly affect them. They also have the right to request human review of automated decisions.

A notable example occurred in 2020 when an algorithm was used to calculate A-level grades in England after exams were cancelled. The algorithm systematically downgraded students at state schools in disadvantaged areas while upgrading students at private schools. After widespread protests, the algorithm-generated grades were replaced with teacher-assessed grades. This case demonstrated the real-world harm that biased algorithms can cause and highlighted the importance of transparency and accountability in automated decision-making.

Net Neutrality

Net neutrality is the principle that all internet traffic should be treated equally by internet service providers (ISPs). Under net neutrality, ISPs cannot charge more for access to certain websites, slow down competitors’ services, or give priority to content from companies that pay extra.

• Arguments for net neutrality: It ensures a level playing field, so small businesses and start-ups can compete with large corporations. It protects free speech and innovation. Without it, ISPs could decide which websites load quickly and which do not, effectively controlling what people can access online. Imagine if your ISP slowed down a small independent news website because it could not afford to pay for “fast lane” access.
• Arguments against net neutrality: ISPs argue they should be able to manage their networks efficiently. Some say that charging more for high-bandwidth services (like video streaming) is fair because those services use more resources. Without regulation, ISPs could invest more in infrastructure. They also argue that some traffic management is necessary — for example, prioritising video calls for medical consultations over casual video streaming.

In the US, net neutrality rules were repealed in 2017, sparking intense debate. In the EU and UK, net neutrality protections remain in place, though they are subject to ongoing review. The debate is a good example of how technology policy involves balancing the interests of multiple stakeholders: consumers, businesses, ISPs, content creators, and regulators.

Right to Repair

The right to repair movement argues that consumers should be able to repair their own electronic devices, or take them to independent repair shops, rather than being forced to use the manufacturer’s expensive repair services. Many manufacturers make their devices deliberately difficult to repair by using proprietary screws, gluing components together, or refusing to supply spare parts.

• Arguments for: Reduces e-waste, saves consumers money, extends the useful life of devices, supports local repair businesses, and reduces dependence on manufacturers
• Arguments against: Manufacturers argue that opening devices could compromise safety and security, void warranties, and that complex modern devices require specialist knowledge to repair safely

The EU and several US states have introduced right-to-repair legislation, and there is growing pressure for the UK to follow.

Digital Addiction

Many technology platforms are deliberately designed to be as addictive as possible. Features like infinite scrolling, autoplay, push notifications, streaks, and “like” counts exploit psychological mechanisms to keep users engaged for as long as possible. This raises the question: are tech companies responsible for the addictive nature of their products?

• Research has linked excessive screen time to anxiety, depression, sleep disruption, and reduced attention spans, particularly in young people
• Some former tech executives have publicly stated that their products were designed to be addictive. One former Facebook executive described the platform’s feedback loops as “exploiting a vulnerability in human psychology”
• Governments are beginning to act — for example, the UK’s Online Safety Act places duties on platforms to protect children from harmful content and addictive design features
• Others argue that individuals bear personal responsibility for managing their own technology use, and that regulation risks limiting innovation and free expression
• Some technology companies have introduced “digital wellbeing” features (such as screen time reports and app timers), but critics argue these are largely cosmetic and do not address the underlying addictive design patterns

This is an area where the interests of different stakeholders clearly conflict: technology companies profit from maximising user engagement, while users (particularly young people) may suffer harm from excessive use. The question of where responsibility lies — with the individual, the company, or the regulator — is one of the most important ethical debates in modern computing.

Social Media Impact

Social media has transformed communication, but it also raises concerns:

• Mental health — Studies link excessive social media use to anxiety, depression, and poor body image, particularly among young people. Research by the Royal Society for Public Health found that platforms like Instagram and Snapchat had the most negative impact on young people’s mental health
• Misinformation — False information can spread rapidly, influencing elections and public health decisions. During the COVID-19 pandemic, the spread of health misinformation on social media was so significant that the World Health Organisation described it as an “infodemic”
• Cyberbullying — Online platforms can be used to harass and intimidate. Unlike traditional bullying, cyberbullying can happen 24 hours a day, reach a much wider audience, and be very difficult to escape
• Echo chambers — Algorithms show you content you already agree with, reinforcing existing views and making it harder to see other perspectives. This can polarise public opinion and make constructive debate more difficult
• Addiction — Platforms are designed to be as engaging as possible, using techniques like infinite scrolling and notifications to keep you coming back

Positive impacts of social media:

• Global connection — People can maintain relationships across distances and connect with communities that share their interests
• Civic engagement — Social media has been instrumental in organising social movements, raising awareness of injustice, and enabling political participation
• Creative expression — Platforms give individuals a space to share art, music, writing, and ideas with a global audience without needing a publisher or studio
• Access to information — Breaking news, educational content, and expert knowledge are more accessible than ever before
• Support networks — People dealing with health conditions, disabilities, or difficult circumstances can find communities of support online

Environmental Impact

Energy Consumption

• Data centres (which power cloud computing, streaming, social media, and AI) consume enormous amounts of electricity and require extensive cooling systems
• The IT industry accounts for an estimated 2–4% of global carbon emissions — similar to the aviation industry
• Streaming a single hour of video uses a surprising amount of energy across the network
• Cryptocurrency mining (e.g. Bitcoin) consumes vast amounts of electricity

Carbon Footprint of AI

Training large artificial intelligence models requires enormous computational power running for weeks or months. Researchers have estimated that training a single large AI model can emit as much carbon dioxide as five cars produce over their entire lifetimes. As AI becomes more widespread, its energy demands are growing rapidly. This has led to calls for “green AI” — developing more energy-efficient algorithms and training models using renewable energy sources.

Rare Earth Minerals

Modern electronic devices depend on rare earth minerals such as lithium, cobalt, tantalum, and neodymium. These are used in batteries, screens, circuit boards, and speakers. Mining these minerals causes significant environmental and human harm:

• Environmental damage — Mining operations can destroy habitats, contaminate water supplies, and release toxic chemicals into the soil
• Human cost — In some countries, particularly the Democratic Republic of Congo, cobalt is mined using child labour in dangerous conditions
• Limited supply — Many of these minerals are finite resources. As global demand for electronics grows, supply pressures will increase
• Geopolitical concerns — A small number of countries control most of the world’s supply, creating dependency and potential for conflict

Lifecycle of a Smartphone

Understanding the full lifecycle of a device helps illustrate the true environmental cost of technology:

1. Mining — Raw materials (lithium, cobalt, gold, copper, rare earth elements) are extracted from the ground, often in developing countries, causing habitat destruction and pollution
2. Manufacture — Components are assembled in factories, typically in East Asia, using large amounts of energy and water. The manufacturing process alone accounts for around 70–80% of a smartphone’s total carbon footprint
3. Transport — Finished devices are shipped globally, adding further emissions
4. Use — The phone consumes electricity for charging and relies on data centres and network infrastructure for its services
5. Disposal — When discarded, the device becomes e-waste. If not recycled properly, toxic materials can leach into the environment. Only a small percentage of materials in a typical smartphone are currently recovered through recycling

The average person in the UK replaces their smartphone every 2–3 years. Extending the life of a device by even one year significantly reduces its overall environmental impact. This is why the right to repair movement and the push against planned obsolescence are so closely linked to environmental sustainability — making devices last longer is one of the most effective ways to reduce the technology industry’s environmental footprint.

E-Waste

• Electronic waste (e-waste) is one of the fastest-growing waste streams in the world
• Devices often contain toxic materials (lead, mercury, cadmium) that can leach into soil and water if not disposed of properly
• Much e-waste from wealthy countries is shipped to developing nations, where it is processed in unsafe conditions
• Planned obsolescence — Some manufacturers deliberately design products to become outdated or stop working after a certain time, encouraging consumers to buy replacements

Net Zero and the Tech Industry

Net zero means achieving a balance between the greenhouse gases produced and the greenhouse gases removed from the atmosphere. Many major technology companies have pledged to reach net zero by 2030 or 2040. This involves:

• Powering data centres with renewable energy (solar, wind, hydroelectric)
• Improving the energy efficiency of hardware and software
• Investing in carbon offset programmes (such as tree planting or carbon capture technology)
• Designing products for longevity and recyclability rather than planned obsolescence
• Reducing the carbon footprint of supply chains, from raw material extraction to delivery

However, critics point out that many net zero pledges rely heavily on carbon offsets rather than genuine emissions reductions, and that the rapid growth of AI and cloud computing is increasing the industry’s energy demands faster than efficiency gains can compensate.

For students, understanding net zero is important because exam questions may ask you to evaluate whether technology companies are doing enough to reduce their environmental impact. A strong answer would acknowledge the positive steps being taken while critically assessing whether pledges are backed by meaningful action.

Benefits of Technology for the Environment

• Remote working — Reduces commuting, lowering transport emissions
• Smart energy systems — AI and IoT devices can optimise energy use in homes and businesses
• Environmental monitoring — Sensors and satellites track deforestation, pollution, and climate change
• Digital replacements — E-books, online banking, and digital tickets reduce paper and plastic waste
• Renewable energy management — Computers optimise the distribution of solar and wind power

Stakeholder Analysis

A stakeholder is anyone who is affected by, or has an interest in, a particular decision or technology. In your exam, you may be asked to identify and discuss the different stakeholders involved in a technology-related scenario. Good answers consider multiple perspectives and explain how different groups are affected in different ways.

How to carry out a stakeholder analysis:

1. Identify the stakeholders — Who is affected? Think broadly: users, non-users, businesses, employees, regulators, vulnerable groups, the wider community
2. Consider each perspective — How does each stakeholder benefit or lose? What are their concerns?
3. Evaluate conflicts — Where do the interests of different stakeholders clash?
4. Reach a conclusion — Weigh up the arguments and give your own reasoned opinion

Worked example: Social media age restrictions

Suppose the government is considering raising the minimum age for social media use from 13 to 16. Who are the stakeholders?

A strong exam answer would discuss several of these perspectives, identify where they conflict, and then offer a balanced conclusion supported by reasoning.

Other scenarios where stakeholder analysis is useful:

• A hospital introducing an AI diagnostic system — Stakeholders: patients, doctors, nurses, the hospital trust, the AI company, medical regulators, insurance companies
• A city installing smart CCTV with facial recognition — Stakeholders: residents, local businesses, the police, civil liberties groups, the technology provider, tourists
• A school banning mobile phones — Stakeholders: students, parents, teachers, the school leadership, mobile phone companies, child safety organisations

Practise identifying stakeholders for different scenarios — it is a skill that comes up frequently in exam questions and will strengthen any discussion answer.

Open Source vs Proprietary Software

Key Vocabulary

Make sure you understand and can use all of the following terms confidently in your exam answers. Using precise technical vocabulary demonstrates strong subject knowledge and helps you communicate your ideas clearly. Try covering the “Definition” column and testing yourself on each term.

Exam Tips for Issues & Impact Questions

This topic appears in every GCSE Computer Science paper, and the questions often carry high marks. Here is how to maximise your marks:

1. Always discuss both sides. Whether the question asks about surveillance, AI, environmental impact, or any other issue, the examiner wants to see a balanced argument. State the benefits, state the drawbacks, and then give your conclusion. Even if you feel strongly about one side, you must acknowledge the other perspective to earn full marks.
2. Name specific laws. Do not just say “this is against the law.” State which law — the Data Protection Act 2018, the Computer Misuse Act 1990, or the Copyright, Designs and Patents Act 1988. This shows precise knowledge and earns more marks. If relevant, mention who enforces the law (e.g. the ICO enforces data protection).
3. Use real-world examples. Mentioning cases like the Cambridge Analytica scandal, the British Airways data breach, or the TalkTalk hack demonstrates that you understand how these issues apply in practice. Even a brief reference to a real case makes your answer stand out.
4. Identify stakeholders. When discussing the impact of a technology or policy, explain how different groups are affected. Consider users, businesses, governments, vulnerable groups, and the wider community. This shows the examiner that you can think beyond the obvious.
5. Conclude with your own reasoned opinion. After presenting both sides, state what you believe and explain why. The examiner is looking for critical thinking, not just memorised facts. Phrases like “On balance, I believe…” or “Considering the evidence, the strongest argument is…” signal a mature, evaluative response.

Common command words in this topic:

• “Describe” — Give a clear, factual account. Say what something is or what it does.
• “Explain” — Say what something is and why it matters. Give reasons and consequences.
• “Discuss” — Present multiple viewpoints, consider arguments for and against, and reach a conclusion. This is where stakeholder analysis and real-world examples are most important.
• “Evaluate” — Weigh up the strengths and weaknesses and make a judgement. Similar to “discuss” but with a stronger emphasis on your conclusion.

Video Resources

These Craig 'n' Dave videos cover the ethical, legal, environmental, and emerging technology topics you need to know.

Past Paper Questions

Practise these exam-style questions. Click each question to reveal the mark scheme.