You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Computing does not happen in a vacuum. Every technology that stores personal data, automates a job, connects a billion people or trains a model on the open web has consequences — for individuals, communities, cultures and the planet — that reach far beyond the code itself. A-Level Computer Science asks you to reason about these consequences analytically and even-handedly: to weigh benefits against harms, to recognise that most issues involve genuine trade-offs rather than a simple right and wrong, and to know the legal framework that society has built to govern computing. This lesson surveys the moral, ethical, social, cultural, legal and environmental dimensions of computing using real, current examples discussed neutrally, then sets out the four key Acts of UK law you must know — what each covers, and a scenario for each.
This lesson covers the consequences-of-computing area of the AQA A-Level Computer Science (7517) specification:
This area is assessed largely through extended-response (essay) questions that reward structured argument, balance and well-supported judgement, so the emphasis here is on reasoning rather than calculation.
Before the substance, a word on method, because it is what separates top-band answers. The examiner is not looking for opinion or outrage but for analysis and balance:
A final point on register and evidence: examiners explicitly penalise one-sided or emotive writing in this area. Phrases such as "technology is destroying society" or "AI will obviously fix everything" signal an unbalanced answer regardless of how strongly felt. The mark is earned by demonstrating that you can hold both the benefit and the harm of a development in view at once, attribute each to the right stakeholders, and only then offer a measured judgement. This is the same analytical discipline expected in any essay subject — it is simply applied to computing.
We now apply this to each of the six dimensions.
The categories overlap — a single technology often raises several at once — but it helps to consider each lens in turn.
Moral issues concern right and wrong conduct; ethical issues concern the principles professionals and organisations ought to follow. In computing these arise constantly:
Social issues concern the effects on how people live and interact:
Cultural issues concern effects on shared values, identity and ways of life:
Legal issues concern where computing meets the law — addressed by the four Acts below — covering data protection, unauthorised access, intellectual property and lawful surveillance. A recurring theme is that technology often outpaces legislation: lawmakers struggle to keep statutes current with AI, cryptocurrencies, deepfakes and cross-border data flows, so the legal framework is continually playing catch-up. The Computer Misuse Act, for instance, was passed in 1990 — before the web existed in any recognisable form — yet still has to be stretched to cover modern offences it was never written to anticipate.
A further legal complication unique to computing is jurisdiction. The internet is global, but laws are national: data about a UK citizen may be stored on a server in another country, processed by a company headquartered in a third, and accessed by an attacker in a fourth. Which country's law applies, and how it can be enforced across borders, is genuinely difficult — a UK Act cannot easily compel a foreign operator, and conduct that is illegal in one country may be lawful in another. This is why data-protection rules increasingly govern the transfer of personal data abroad, and why international cooperation is needed to prosecute cybercrime. The lesson for an analytical answer is that "there ought to be a law against it" is rarely the whole story: a law must also be enforceable against actors who may be beyond the reach of the courts that made it.
Environmental issues concern computing's physical footprint, which is substantial and growing:
Exam Tip: In an essay, do not simply list issues. Pick the most relevant, and for each present both sides and a reasoned judgement. "AI improves diagnostic speed (benefit) but its training data can embed bias, raising accountability questions (harm); on balance, deployment is justified only with auditing and human oversight (judgement)." That benefit–harm–judgement shape is what lifts an answer into the top band.
UK law addresses computing through four central statutes. You must know what each covers and be able to apply it to a scenario.
| Act | Year | Governs / makes an offence of | Key idea |
|---|---|---|---|
| Data Protection Act | 2018 | How personal data about living people is collected, stored and processed (implements the UK GDPR) | Protects individuals' personal data and privacy |
| Computer Misuse Act | 1990 | Unauthorised access to computer systems and data; hacking; malware | Makes hacking and unauthorised access criminal |
| Copyright, Designs and Patents Act | 1988 | Intellectual property — copying/distributing software, music, images, text without permission | Protects creators' rights in their work |
| Regulation of Investigatory Powers Act | 2000 | Lawful interception and surveillance of communications by public bodies | Regulates state surveillance powers |
A frequent exam trap is confusing the first two: the Data Protection Act governs how organisations handle personal data they are entitled to hold, whereas the Computer Misuse Act is about gaining access you were never authorised to have. Keep "data handling" versus "unauthorised access" firmly distinct.
The Data Protection Act 2018 governs the processing of personal data — information relating to an identifiable living individual — and implements the UK General Data Protection Regulation (UK GDPR) in domestic law. It sets out principles that organisations ("data controllers") must follow: personal data must be processed lawfully, fairly and transparently; collected for specified purposes and not used beyond them; adequate, relevant and limited to what is necessary (data minimisation); accurate and kept up to date; not kept longer than necessary; and kept secure. It grants individuals ("data subjects") rights, including the right to be informed, the right of access to their data, the right to rectification, the right to erasure ("right to be forgotten"), and rights around automated decision-making. The regulator is the Information Commissioner's Office (ICO), which can levy substantial fines.
Scenario. An online retailer suffers a breach because it stored customers' names, addresses and payment details in an inadequately secured database, and it had also been keeping data of customers who closed their accounts years earlier. Under the DPA 2018 the retailer has breached the security principle (failing to protect the data) and the storage-limitation principle (keeping data longer than necessary). Affected individuals may exercise their rights, and the ICO can investigate and impose a fine. (Note: the wrongdoing here is the retailer's handling of data it was entitled to collect — contrast the next Act.)
The Computer Misuse Act 1990 criminalises unauthorised access to computer material. It defines (in broad terms) three principal offences of increasing seriousness:
The Act is what makes hacking, malware authorship and unauthorised data tampering criminal, regardless of whether financial loss results.
Scenario. An employee discovers a colleague's password and logs into the company HR system to read salary records they are not permitted to see. Even though they damaged nothing and stole nothing, simply accessing a system they were not authorised to use is an offence under section 1 of the Computer Misuse Act 1990. If they had gone on to alter records or plant malware, the more serious offences would apply. (Contrast the DPA: here the issue is access the person was never entitled to, not how authorised data was handled.)
The Copyright, Designs and Patents Act 1988 protects intellectual property — the rights of creators in their original work. In computing it covers software, source code, music, films, images, written content and databases: copying, distributing, adapting or publishing such work without the rights-holder's permission is an infringement. Copyright arises automatically on creation (no registration needed) and lasts for a defined period. The Act underpins software licensing (proprietary licences, and notably open-source licences, which use copyright to grant freedoms under conditions) and makes software piracy, illegal file-sharing and plagiarism of code unlawful.
Scenario. A developer copies large sections of source code from a commercial library — or a user downloads and shares copyrighted films and music — without a licence or permission. Both infringe copyright under the CDPA 1988, exposing them to civil action (and, for commercial-scale piracy, criminal penalties). Conversely, the Act is what lets an open-source author require that anyone redistributing their code keeps it open — copyright enabling sharing on the author's terms.
The Regulation of Investigatory Powers Act 2000 (RIPA) regulates the powers of public bodies to carry out surveillance and the interception of communications. It sets out when and how authorities (such as the police and security services) may lawfully intercept communications, access communications data, and conduct covert surveillance, and it requires appropriate authorisation for each. Its purpose is to balance the legitimate needs of law enforcement and national security against individuals' right to privacy — and it has been the focus of ongoing public debate about the proper limits of state surveillance, illustrating directly the privacy-versus-security trade-off.
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.