UK law governing the use and misuse of computer systems has only been in existence for the last thirty years. Some of the laws are newer still as the use of technology grows around the world. You will need to know about:

  • The Data Protection Act 1998.
  • The Computer Misuse Act 1990.
  • The Copyright Design and Patents Act 1988.
  • The Regulation of Investigatory Powers Act 2000.

You can interpret these laws based on current laws, even if they have changed.

Exam Technique: A01, A02 and A03

Exam questions will be level of response questions which require you to know and apply the above laws. This includes considering moral implications. Note: simply stating these laws will not be awarded marks.


Data Protection Act 2018 and The General Data Protection Act

Both the Data Protection Act 2018 (UK law) and the General Data Protection Regulation (European law) regulate data protection and privacy for citizens. The UK has had to incorporate the GDPR but maybe not for much longer as a result of Brexit. The Information Commissioner’s Office (ICO) is an independent authority that oversees this regulation.

Who’s Who

You or I may be a Data Subject. This is the person whose has data is stored by companies or organisations where the data is outside of their control. You have the right of subject access and you can demand corrections. You have rights as to how your data is used. The Data Controller decides on what data is required by the organisation as well as how it is collected and stored. The person appointed by the crown within a an independent public body, who enforces the data protection act score of the Data Commissioner.

Types of Data Covered

Personal data is about the person e.g. name, bank details. Sensitive data includes even more personal data E.g. religion, political beliefs and is subject to more controls.

General data protection regulation

This is the European Union version of the DPA to standardise laws. The UK laws were already mostly in line but was brought fully in line in 2018. For example, data controllers must be able to prove this sufficiency of the data protection methods.


The Computer Misuse Act

This prevents unauthorised access to a computer system or digital materials with the intent to commit a further crime. It also covers unauthorised modification of data. As well as making, using or supplying tools to help someone commit these crimes.


Intellectual property covers original works that you create with your mind. Whether this is a story, artwork or even a symbol. This act prevents you from stealing or copying such intellectual property. You are automatically protected by copyright for your music, books, games, programs. This is the right you have over your own work. Patents are the right to decide how your invention might be used by others

RIPA - The Regulation of Investigatory Powers Act 2000

This law was created to monitor communications and Internet activities of suspected terrorists and other threats. These rights are awarded only to certain public bodies such as the police. But includes less obvious bodies such as the environment protection agency and the office of fair trading.

ISPs and Businesses have an obligation

ISPs must provide access to those digital communications and implement the surveillance of digital communications. Businesses must also do this.