Issues of privacy

Quick links




Ethical impacts


Legal impacts


Environmental impacts


Issues of privacy



Syllabus content

Content   Additional Information

Explain the current ethical, legal and environmental impacts and risks of digital technology on society. Where data privacy issues arise these should be considered.



Exam questions will be taken from the following areas:

  • cyber security
  • mobile technologies
  • wireless networking
  • cloud storage
  • theft of computer code
  • issues around copyright of algorithms
  • cracking
  • hacking
  • wearable technologies
  • computer based implants.

Students will be expected to understand and explain the general principles behind the issues rather than have detailed knowledge on specific issues.

Students should be aware that ordinary citizens normally value their privacy and may not like it when governments or security services have too much access.

Students should be aware that governments and security services often argue that they cannot keep their citizens safe from terrorism and other attacks unless they have access to private data.


Privacy concerns in the digital world

Considering the full spectrum of privacy, people need to ask themselves if they are comfortable with all their characteristics in the public domain

While the argument applies to some problems, it represents a very narrow way of looking at privacy, especially given the array of privacy problems mixed up in government data collection and use beyond surveillance and disclosure. The “nothing to hide” argument, ultimately, has nothing to say.

A European paper issued by Michael Friedewald distinguishes seven types of privacy:

  • Privacy of the person encompasses the right to keep body functions and body characteristics (such as genetic codes and biometrics) private;
  • Privacy of behaviour and action includes sensitive issues such as sexual preferences and habits, political activities and religious practices;
  • Privacy of communication aims to avoid the interception of communications, including mail interception, the use of bugs, directional microphones, telephone or wireless communication interception or recording and access to email messages;
  • Privacy of data and image includes concerns about making sure that individuals’ data is not automatically available to other individuals and organisations and that people can “exercise a substantial degree of control over that data and its use”;
  • Privacy of thoughts and feelings refers to the right not to share their thoughts or feelings or to have those thoughts or feelings revealed. Individuals should have the right to think whatever they like;
  • Privacy of location and space means individuals have the right to move about in public or semi-public space without being identified, tracked or monitored;
  • Privacy of association (including group privacy) is concerned with people’s right to associate with whomever they wish, without being monitored.

Considering the full spectrum of privacy, people must ask themselves: Are you sure you are comfortable with all of your characteristics in the public domain?

For example, do you want people to know where you spend your time - and who you like to spend it with? If you called a substance abuse counsellor, a suicide hotline or a divorce lawyer? What websites you read daily? The religious and political groups to which you belong?

Key privacy questions

Furthermore, as big data grows, enterprises need a robust data privacy solution to help prevent breaches and enforce security in a complex IT environment. In an Isaca whitepaper entitled Privacy and Big Data, we identify key questions that enterprises must ask and answer, which – if ignored – expose the enterprise to greater risk and damage. Here are five of them:

Can we trust our sources of big data?

  • What information are we collecting without exposing the enterprise to legal and regulatory battles?
  • How will we protect our sources, our processes and our decisions from theft and corruption?
  • What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?
  • What actions are we taking that create trends that can be exploited by our rivals?
  • The problem is, the internet is a worldwide network and everything must be developed for a global environment without national borders. Many users approve a privacy policy without reading it, and many of these policies are vague guidelines where it is completely impossible for users to foresee the scope and content of their consent to the processing of their data. The consent to this agreement is mandatory to access the service. Consequently, users have no choice if they want to use it.

Shifting privacy standards

Furthermore, the service provider may change this policy. Everybody remembers the Instagram case. In December 2012, Instagram said it had the perpetual right to sell users' photographs for advertising purposes without payment or notification. Due to the strong reaction, Instagram backed down.

This brings to the forefront the fact that many consumers are poorly educated about how their personal data is collected by companies and are unsure about what it is actually used for. Investigation into the recent implementation of the EU Cookie Law has highlighted how misinformed consumers in Europe are.

In an April 2013 polling by Deloitte, UK web users polled said they had never heard of the EU cookie law. Only 15% of respondents said they knew at least a fair amount about it. This is surprising, given that an initial warning banner appears on UK websites informing the user if the site uses cookies.

In response to cookie banners, 56% of users said they either accepted or agreed to the site using cookies, or ignored the notices and simply carried on. Another 17% said they typically did not give permission for cookies, even if it meant not using the site. This corresponds closely to the percentage of those who said they generally browsed the internet with cookies disabled.

Google Glass

All of this is soon to be compounded by wearable technology, such as Google Glass, which is essentially a phone in front of your eyes with a front-facing camera. A heads-up display with facial recognition and eye-tracking technology can show icons or stats hovering above people you recognise, give directions as you walk and take video from your point of view.

In July 2013, Google published a new, more extensive FAQ on Google Glass. There are nine questions and answers listed under a section named Glass Security & Privacy, with several concentrating on the camera and video functionality.

But, crucially, this does not solve other privacy concerns.

Google Glass tracks your eye movements and makes data requests based on where you are looking. This means the device collects information without active permission. Eye movements are largely unconscious and have significant psychological meanings. For example, eye movements show who you are attracted to and how you weigh your purchase options when shopping.

How many of you will turn off your Glass while punching in your PIN? How about when a person's credit card is visible from the edge of your vision? How about when opening your bills, filing out tax information or filing out a health form? Remember that computers can recognise numbers and letters blazingly fast – even a passing glance as you walk past a stranger's wallet can mean that the device on your face learns his/her credit card number. All of this information can be compromised with a security breach, revealing both the information of the one using Google Glass and the people they surround themselves with.

On 4 July 2013, Chris Barrett, a documentary filmmaker, was wearing Google Glass for a fireworks show in Wildwood, New Jersey, when he happened upon a boardwalk brawl and subsequent arrest. The fact that the glasses were relatively unnoticeable made a big difference: "I think if I had a bigger camera there, the kid would probably have punched me," Barrett said. The hands-free aspect of using Google Glass to record a scene made a big difference.

Privacy: Intrinsic right or social construct?

Privacy is entering a time of flux and social norms and legal systems are trying to catch up with the changes that digital technology has brought about. Privacy is a complex construct, influenced by many factors, and it can be difficult to future-proof business plans so they keep up with evolving technological developments and consumer expectations about the topic.

One way to ensure there are no surprises around privacy is by seeing it not as a right, but rather as an exchange between people and organisations, bound by the same principles of trust that facilitate effective social and business relationships.

This is an alternative to the approach of "privacy as right" that instead positions privacy as a social construct to be explicitly negotiated so it is appropriate to the social context in which the exchange takes place.

Isaca notes that enterprises eager to reap the benefits of big data and its vast potential must also recognise their responsibility to protect the privacy of the personal data gathered and analysed with big data. Risk management and maintaining adequate mechanisms to govern and protect privacy need to be major areas of focus in any big data initiative.

The lengthy privacy policies, thick with legalese that most services use now, will never go away, but better controls will, and should, emerge. Whatever tools are used to protect and collect personal data in the future, it will be important for companies such as Facebook and Google to educate their consumers and to provide them with options for all levels of privacy.


The 5 biggest online privacy threats of 2013

By Melissa Riofrio Executive Editor, PCWorld

Your online life may not seem worth tracking as you browse websites, store content in the cloud, and post updates to social networking sites. But the data you generate is a rich trove of information that says more about you than you realize—and it’s a tempting treasure for marketers and law enforcement officials alike.

Battles have long raged over how third parties can access and use your data. This year, your online privacy faces new threats, as a result of emerging technologies and new regulatory efforts that could affect how your Web-based life is protected... or exposed.

“It’s totally invisible to users. They have no idea what’s happening.”

The nature of online activity compounds the privacy problems we already experience in the material world. Every move we make on our PCs, smartphones, and tablets turns into a data point that trackers can easily collect and share. And you effectively agree to such collecting and sharing whenever you sign up for an online service and accept its privacy policy.

“There’s a pretty big disparity between what folks think their privacy rights are online and what they actually are online,” says legislative counsel Chris Calabrese of the American Civil Liberties Union. “They mistake a privacy policy for meaning that they have privacy. That policy is frequently a way to describe the rights you don’t have.”

Federal law may or may not mitigate the privacy threats. Efforts to update the Electronic Communications Privacy Act (ECPA) aim to make your online data harder to collect and share. Meanwhile, proposed legislation called the Cyber Intelligence Sharing and Protection Act (CISPA) could make it easier to obtain.

As you watch your privacy being kicked around like a football in a scrum, pay close attention to the following five major threats.

#1: Cookie proliferation

The invisible cookie software agents that track your browsing habits and personal data are likely to multiply in 2013. Advertising networks, marketers, and other data profiteers depend on cookies to learn more about who you are—and what you may be interested in buying. Unless legislation imposes legal restraints on Web-browser tracking, your system is likely to accumulate more cookies than you’d find in a box of Chips Ahoy.

Cookies have been proliferating at a rate that would impress epidemiologists. “Five to ten years ago, if you opened in your browser, you’d get a cookie from the New York Times, maybe a couple, and that would basically be it,” says staff technologist Dan Auerbach of the Electronic Frontier Foundation. “Today you get probably on the order of 50 cookies from all sorts of third parties: ad servers, data brokers, trackers. They can build up this big profile about your browsing history.”

The worst part, says EFF’s Auerbach: “It’s totally invisible to users. They have no idea what’s happening.”

Marketers say that they keep user data private by viewing it only in aggregate, but the sheer volume of data a cookie can collect about any one person can enable the cookie’s owner to infer a surprising amount about the individuals being tracked. As a 2010 report by Gartner found, “the more that personal information can be correlated, the less it is possible to completely anonymize.”

Cookies; Browser cookies are proliferating, with dozens lurking on a typical webpage

But while cookies appear to be going viral, help may be on the way. In 2012, the Obama Administration proposed a Privacy Bill of Rights that would include Do Not Track legislation, so that consumers could choose whether and when to be tracked. Do-not-track mechanisms are being built into major Web browsers, such as Mozilla’s Firefox. The Do Not Track concept still has no legal support, however. Marketers, many of whom claim that tracking data is essential to their business, remain free to ignore Do Not Track efforts—or build ways around them.

“Do Not Track has no teeth right now,” says EFF’s Auerbach. “If you set it in your browser, you should not expect to gain significant privacy.” Nonetheless, John M. Simpson, director of the Privacy Project at Consumer Watchdog, sees promise in new legislative efforts—specifically, the Do-Not-Track Online Act of 2013. “I think this may be the only way to get meaningful protection for consumers,” says Simpson.

#2: Seizing cloud data


Data stored in the cloud isn’t legally protected in the same way that it would be if it were located on a storage device you own.

You love how easy it is to grab data from the cloud—and so do law enforcement agencies. And there’s only going to be more of that data to love in coming years: Gartner predicts that 36 percent of U.S. consumer content will be stored in the cloud by 2016.

But whether you use a Web-based email service, keep files in Google Drive, or upload photos to Shutterfly, everything you write, upload, or post gets stored in a server that belongs to the online service, not to you. And because of outdated rules enumerated in the ECPA, this cloud-based data is vulnerable to a privacy loophole so big that a Google self-driving car could roll through it.

“A huge concern about using the cloud is that your data does not have the same Fourth Amendment protections that it would have if it were stored in a desk drawer or even your desktop computer,” says Consumer Watchdog’s Simpson.

One key reason that privacy advocates and some legislators are trying to update the ECPA this year is that the current law treats data stored on a server for more than 180 days as abandoned. This statutory assumption is a vestige of a time when servers held data only briefly before shunting it off to a local computer. Furthermore, the law’s definition of such data is vague enough to cover not just email messages—a popular target of law enforcement agencies—but (potentially) other kinds of data stored on servers. Now that so much data resides on servers owned by cloud-based services, and so many people keep content in the cloud for years, a lot of long-stored files that people haven’t abandoned could be fair game for Big Brother.

Law-enforcement agencies are requesting cloud-based data with increasing (and unsettling) frequency. Google’s Transparency Report graphs a 70 percent increase in such requests over a span of three years, from 12,539 requests in the last six months of 2009 to 21,389 requests in the last six months of 2012.

“The only true protection is to understand that anything you put up there can be accessed by somebody else.”

Cloud services aren’t just rolling over, though. For example, Google might comply with a subpoena to reveal the name, contact information, and login records of a Gmail subscriber. But Google would insist that the requesting authority obtain a court order requiring Google to provide greater levels of detail, such as the mail header for a message. In addition, Google would demand to see a search warrant before giving government investigators access to actual email content. Tellingly, the percentage of information requests that Google has fulfilled has dropped slightly over time, from about 75 percent in 2010 to about 66 percent in 2012. Twitter’s transparency reporting site offers similarly enlightening reading.

Law-enforcement interests have scuttled past attempts to update ECPA, so it’s hard to say whether the current efforts will get any farther. “The only true protection is to understand that anything you put up there can be accessed by somebody else,” says Consumer Watchdog’s Simpson. “If you don’t want that to happen, don’t put it in the cloud.”

#3: Location data betrayal

Call it the end of the easy alibi: Location data will make it increasingly difficult for you to wander around the world without someone knowing exactly where you are at any given time. Your cell phone is the primary tattletale, but the location data you post to social networking sites are revealing sources, too. Pinpointing your whereabouts will get easier still as other location-beaming devices come online, from smarter cars to smarter watches to Google Glass.

“When you leave your house and go to a friend’s house, run errands, go to work, visit a lover—whatever it is you do—if your geolocation is tracked and recorded, that’s a lot of information about you,” says senior policy analyst Jay Stanley, of ACLU’s Speech, Privacy and Technology Program.

Armed with this data, advertisers might (for example) send you promotions for nearby businesses, wherever you are. The result could be a nice surprise—or not. According to a 2011 report by Gartner, “forty-one percent of consumers say they would be concerned about privacy if they were to use mobile location services so that they can receive more targeted offers through advertising or loyalty programs.”

Your cell phone is a prime source of personal location data.

You’d be even less pleased if law enforcement officials, your employer, or your ex-spouse’s private detective used location data to keep tabs on you. Lillie Coney, associate director of the Electronic Privacy Information Center, points out that an employer-owned device “lets your employer track you, on and off the job. What kind of consequences and profile data are based on your geolocation, based on the course of your time in or out of work, where you are, how late you are?”

And as with cloud-based data, the legal requirements for obtaining location data from your mobile service provider are not terribly stringent. According to EFF staff attorney Jennifer Lynch, “It’s pretty easy for the government to get access to the location data, and very hard for users to prevent that data from being gathered.”

There may not be much you can do about your employer. EFF’s Lynch says that reining in the government’s zeal for location data may be tough as well. “It’s such a useful tool for law enforcement to get access to this info, there’s a lot of pushback,” Lynch says.

Calabrese of the ACLU says that updating the ECPA is a crucial step in making location data less open to scrutiny. “A lot of location info is flying around, and that’s why it’s so critical to get legal protection. You should be able to use a cell phone without worrying about being tracked.”
#4: Data never forgets a face

Posting and tagging photos online may feel like innocent fun, but behind the scenes it helps build a facial recognition database that makes escaping notice increasingly difficult for anyone.

“Most consumers are already in the largest facial recognition database in the world, and that’s Facebook,” says EFF's Lynch. Indeed, the immense quantity of photos uploaded to Facebook makes it the poster child—or rather, giant—for the privacy issues surrounding this technology.

In testimony before the Senate Judiciary Committee in July 2012, Lynch described how Facebook users were, at the time, uploading about 300 million photos to the social networking site every day. Facebook uses the tags associated with those photos to build ever-more-detailed “faceprints” of what you and your friends look like from every angle.

Facebook is a generous source of face-recognition data, and now Facebook home, announced last Thursday, could spill even more location data than in the past.

If Facebook used this data strictly to help you find other people you know on Facebook, it might be okay. But Lynch says that when Facebook sells user data to third parties, photo data may be included—and the sanctity of the data afterward is uncertain. “Facebook says it takes care to protect the data, but we don’t know how they do it,” she says.

Lynch’s 2012 Senate testimony also noted that the government has reviewed or requested Facebook data for purposes as varied as citizenship applications, criminal cases, and security checks. “We know that law enforcement asks for this information from Facebook,” Lynch said recently. “They don’t just ask for your post, but all photos you’ve been tagged in.” Access to Facebook data allows law enforcement officials to move beyond the blunt instrument of a mug shot or a driver’s license photo to find people much more easily.

And Facebook isn’t the only source of facial-recognition data. Companies such as Google and Apple have facial-recognition technology built into some of their applications, too—most notably online photo sites. According to John Simpson of Consumer Watchdog, “Someone can take a photo of you and then track you down based on other identified photos of you that may have been posted on the Web. It’s scary and opens very real dangers of being stalked.”

The future of facial recognition offers scant comfort. Continued advances in surveillance technology, including drones and super-high-resolution cameras, will make identifying individuals in public places easier than ever, especially if the entity doing the surveillance has a nice, fat, facial-recognition database to consult. As in connection with other cloud-based data, revisions to the ECPA could boost privacy protections for digital photos—depending on what gets enacted. Says Lillie Coney of EPIC: “If they’re not locked down, photos could be part of our information economy that can be generated into revenue, sold, traded, used. You don’t know where they are.”

In her Senate testimony, Lynch proposed that private-sector databases such as Facebook’s should be required to obtain consent or an opt-in from consumers to any facial recognition system.

#5: Scanning in the name of cybersecurity

You may not be a malicious hacker, but that doesn’t mean your online activity won’t be scanned for telltale signs of cybercrime. The federal government has made cybersecurity a high priority, as concerns grow about over the vulnerability of the nation’s infrastructure to a computer-based attack.

The Presidential Policy Directive concerning cybersecurity lists business sectors that the Administration considers critical—and therefore, in need of online watchdogging. Some sectors, such as “Commercial Facilities” and “Critical Manufacturing,” lend themselves to broad interpretation.

“The definition is still in flux, so there’s a question about what ‘critical infrastructure’ will ultimately encompass,” says EPIC’s national security fellow, Jeramie Scott. A recent article by Reuters indicates that the government plans to expand its scanning of Internet traffic from three defined sectors: financial institutions, utilities, and transportation companies. Collectively, that covers a lot of consumer activity.

Your online activity could be scanned for telltale signs of cybercrime.

Even though the data is supposed to be scanned only in aggregate (so as not to pinpoint individuals), the methodology used in choosing and storing the data raises additional privacy issues. “The executive order on cybersecurity called for protections based on the FTC’s Fair Information Practice Principles, but it doesn’t mean the companies doing the scanning are abiding by these principles,” says Scott.

The proposed CISPA, reintroduced in February, reopens many issues around cybersecurity and privacy. “CISPA would allow companies to share much more detailed information than the aggregate data that is planned to be shared now,” says EPIC’s Scott.

Privacy threats could be solved

This year’s online threats to privacy will continue to grow unless Congress and other decision-making bodies offer some meaningful support for privacy. Witnessing the conflict between privacy and civil liberties advocates (on one side) and business and law-enforcement interests (on the other) may seem a bit like watching a particularly nasty tennis game, but it all boils down to a matter of openness versus secrecy.

Privacy advocates see Do Not Track as a no-brainer fix for the many privacy issues related to cookies. Marketers point to the ongoing success of data-driven, targeted Web advertising, which cookies make possible, as an indirect endorsement of their methods.

Consumer behavior might be sending conflicting signals, but nonpartisan research suggests a need for more, not less, protection. According to Mary Madden, a senior researcher for the Pew Research Center’s Internet & American Life Project, “Privacy concerns do have an influence on user behavior.” Studies conducted by Madden and her colleagues indicate that cell-phone users are likelier to discard an app if they don’t like the way it uses their personal information.

“Make no mistake, everything we touch that is digital in the future will be a data source.”

Trevor Hughes, who looks at privacy from an organizational perspective as CEO of the International Association of Privacy Professionals, says, “The one thing that can threaten big data is getting privacy wrong and screwing up consumer trust. The companies that miss that message are going to suffer.”

One thing is certain: Resolving online privacy issues will be essential as new devices—smart cars, watches, Google Glass, and more—add to the growing data stream. “Make no mistake, everything we touch that is digital in the future will be a data source,” says the IAPP’s Hughes. “I can imagine lots of great things emerging from this. But the privacy things have to be fixed.”


The Top 10 Online Privacy Threats

The Internet and other digital media have transformed global communications, commerce and communities. We have always-on, always-everywhere connectivity via computers, cell phones and other devices. But concerns over how accountable and responsive this new media society will be to its ‘netizens’ are constantly being raised. We take a look at ten of the hot issues in online privacy today and give you some tools to protect your privacy.

Behavioral targeting

Security cameraLearning about your purchase patterns and activities on the Web is essentially what behavioral marketing is about. Your Internet service provider (ISP) has access to where you go online and combined with third party cookies gathering information about your behavior, marketers have effective means to serve you targeted advertisements. According to a study commissioned by consumer privacy organization TRUSTe, 71 percent of online consumers are aware that their browsing information may be collected by a third party for advertising purposes, but 57 percent are not comfortable with advertisers using browsing history to serve ads.

Bottom line: Whether real or imaginary, the loss of privacy disturbs people. If the advertising industry would give its customers choice, control and transparency into its tracking and profiling practices they would go a long way in gaining consumer trust.

Privacy Tool: Targeted Advertising Cookie Opt-Out sets permanent opt-out cookies to stop behavioral advertising by 40 different advertising networks.


A group of media and marketing trade associations, including the American Association of Advertising Agencies (AAAA) and the Direct Marketing Association (DMA), has released self-regulatory principles to protect consumer privacy in ad-supported online media. This will require advertisers to clearly inform consumers about data collection and use practices associated with online behavioral advertising and allow them to control that information. Read about it here .

Cloud computing

Cloud computing refers to the concept of huge data centers operating in a networked infrastructure collectively known as “the cloud.” In other words, stuff is stored on someone else’s server accessed via the Internet. When you store your data with programs hosted on someone else’s hardware, for instance your email and calendar on Gmail; your photos on Flickr; your online computer backup on Mozy; your health records on Microsoft’s HealthVault, the responsibility for protecting that information from hackers and internal data breaches falls into the hands of the hosting company rather than the individual user.

Bottom line: Many people think that their personal data is more secure under their own control.

Privacy Tool: Use services that are established and trustworthy, and reconsider storing any sensitive data in the cloud.


Cookies are online files that can be used for authenticating, session tracking and to set your preferences or shopping cart contents. For example, the information in a cookie might be a login ID for your online email account so you don’t have to login to each page. Some cookies are temporary and some may stay on the hard drive and be used when visiting the site again. What people object to are third party cookies used to gather consumer behavior for marketing analysis. The purpose is to profile users as they move around on various sites and deliver precise, personalized advertising as they surf the Internet. Even if anonymous, these profiles have been the subject of privacy concerns.

Bottom line: Privacy advocates suggest that consumers be alerted to how they are profiled and targeted with a full and fair description of all marketing practices, so they can control what their consumer experience will be. Browsers such as Mozilla Firefox, Internet Explorer and Opera block third party cookies if requested by the user.

Privacy Tool: BetterPrivacy is a cookie safeguard which protects from usually undeletable Flash cookies.

Online Shopping

Many consumers are reluctant to make purchases on the Internet out of fear that the personal information they provide will be misused or compromised. Well written privacy policies are essential to inform the consumer, in plain language, what will be done with their information and whether any information provided will be disclosed to third parties. Another way for a website to convey integrity and trust to users is to have the site certified by an organization that provides a seal of approval. There are many organizations currently offering seal programs in response to concerns about privacy on the Internet.

Bottom line: When shopping online, be very careful about revealing your credit card number and shipping address. Use websites that offer secure transactions and read the privacy policy for information about how the websites scramble or encrypt your personal data. Since consumers have a difficult time knowing who to complain to, all privacy policies should include a link to the FTC‘s online complaint form.

Privacy Tool: Web of Trust (WOT) warns you about risky websites that try to scam visitors, deliver malware, send spam or steal personal information. WOT’s safety ratings for over 22 million websites are based on evidence from 5 million WOT users and multiple trusted sources.


PhishingCybercriminals use “phishing,” or e-mail scams, to bait people with legitimate looking requests from what appear to be reliable sources. Banks and other financial institutions, news outlets and stores are the most usual organizations to be used in this deceit. Bad guys use sneaky social engineering with the aim to collect personal information – social security numbers, passwords and pin numbers – that can be used to access bank and credit card accounts, resulting in stolen funds and identity theft.

Bottom line: Besides the risks of spam, phishing doesn’t necessarily harm your computer, but it can do a lot of damage if it results in identity theft.

Privacy Tool: Do not give sensitive information to anyone—on the phone, in person or through email—unless you are sure that they are who they claim to be and that they should have access to the information. Phishing cases should be handled seriously and reported to local police. You can also file a report with the Anti-Phishing Working Group .

Photo and video sharing

Digital cameras and camera phone applications that can upload photos or video content directly to the web, make publishing of personal content increasingly easy. Privacy advocates are concerned because much of a user’s personal life and social environment are revealed in these multimedia collections. Integrating photo sharing within social networking communities has also provided the opportunity for tagging, annotating and linking images to the identities of the people in them. The persistence of multimedia can be problematic. Researchers found that nearly half of the social networking sites don’t immediately delete pictures when a user requests they be removed. Even after you think you have deleted a photo you can still find it in Google’s caching system which is remarkably efficient at archiving copies of web content, long after it’s removed from the web.

Bottom line: Users should be informed of the tools available to allow them to control their privacy and manage their privacy decisions over time.

Privacy Tool: Set a default privacy setting for your photos and adjust the visibility to public or private.

Social networking

Facebook girlParticipation in social networking sites has increased dramatically recently. Services such as Facebook, Twitter or Friendster have millions of members with online profiles sharing personal and sensitive information freely and publicly with vast networks of friends – and an unknown number of strangers. Risks range from identity theft, online or physical stalking to embarrassment and blackmailing.

Bottom line: Social networking users should have full knowledge of and control over any and all user data collected by the network or by any third party using its platform.

Privacy tool: Visit your profile privacy settings page and adjust the visibility of profile sections.

Spyware and adware

Applications which alter your computer’s settings, such as your browser’s home page, cause annoying pop-ups and insert advertisements into web pages are known as spyware or adware. These apps can be programs, cookies or registry entries that secretly gather information about your online activity. This class of advertising methods is considered unethical and perhaps even illegal. Often these applications are disguised as a simple service like a search bar, and some of them can be malicious, open dangerous security holes and lead to frequent crashes or hangs.

Bottom line: Make sure your operating system, browser and email software has the latest updates to plug security holes and run anti-malware scans regularly. Verify that downloads are trustworthy by using a safe surfing service like WOT.

Privacy tool: Malwarebytes’ Anti-Malware is an effective anti-malware application that successfully detects and removes malicious programs from your computer.

Web bugs

A web bug is a tiny graphic on a webpage or email message that monitors the user who is reading the page or email. Advertising networks use web bugs to collect information enabling them to build a profile around your tendencies and interests. This profile is then identified by ad network cookies which track your movements and behavior across sites.

Bottom line: There is really no way to disable or turn off web bugs. Disabling third-party cookies is the most common defense. Site owners should be clear in their privacy policies that web bugs are being used.

Privacy tool: Ghostery alerts you about the web bugs, ad networks and widgets on every page on the web

Web browsing history

Search engines gather detailed information including your entire search history and browsing habits, as well as the time, date and location of the computer submitting the search, known as the Internet Protocol (IP) addresses. This data can be personally identifiable or can be made personally identifiable. Information collected is used for marketing and consumer profiling purposes to achieve precise targeted advertising: to get the proper advertisements to the proper users. It is also used by search engines to carry out research and generate statistical usage data.

Bottom line: The collection of personally identifiable data by search engines creates several threats to consumer privacy. Since consumers are largely unaware of the monitoring of their online behavior exercising any meaningful control over the collection, retention or disclosure of their personal data is limited.

Privacy tool: Yauba is an anonymous search engine which allows allow you to search anonymously and confidentially, without passing on any private, personally identifiable information.

Final word

Studies and surveys about online privacy show that most people feel a lack of control over personal information. As awareness grows, people are demanding more information about how they are being tracked and more control over how their personal information is used. There needs to be a balance between the responsibilities and practices of online companies and the rights of the individual.


3.1 Fundamentals of algorithms

3.2 Programming

3.3 Fundamentals of data representation

3.4 Computer systems

3.5 Fundamentals of computer networks

3.6 Fundamentals of cyber security

3.7 Ethical, legal and environmental impacts of digital technology on wider society, including issues of privacy

3.8 Aspects of software development

Glossary and other links

Glossary of computing terms.

AQA 8520: The 2016 syllabus

General content


Ethical impacts

Ethical Problems in Computing 1

Ethical Problems in Computing 2

Ethical Problems in Computing 3

Ethics versus morals

Ethical issues

Ethical cases

Legal impacts

The 8 principles of the Data Protection Act

Police misuse of Ripa powers to spy on journalists is systemic, MPs told

BBC and Royal Mail 'using Ripa terror powers to spy on public'

RIPA: Passwords

The Grim RIPA

Five Welsh councils used undercover surveillance on staff

The Protection of Freedoms Act 2012 – an overview

How Protection of Freedoms Bill will work

Protection of Freedoms Act 2012

Guide to Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations (PECR)

What is the Freedom of Information Act?

 A Short Guide to the Freedom of Information Act

Plain English Guide to Freedom of Information

Freedom of Information - a summary

Computer Misuse Act

Computer Misuse Act prosecution numbers falling

Computer Misuse Act 1990 cases

A brief history of Copyright.

Equality Act 2010

Equality act 2010: What do I Need to know?

Section 127 of the Communications Act 2003: Threat or Menace?

Communications Act 2003

Digital Economy Act

A Guide to the Digital Economy Act 5 – Summary

Malicious Communications Offences

What is Sending Malicious Communications?

The UK’s 15 most infamous data breaches

Forrester Research Data Privacy Heat Map, 2015

India: Data Protection Laws In India: The Road Ahead

Data protection in India

Data Protection Laws Of The World (interactive)

Data Protection Laws Of The World (pdf)

ICLG comparisson tool

The Investigatory Powers Act 2016 And Internet Connections Records

Data protection not just about personal data and compliance

Jargon buster guide to GDPR

Does Facebook own my pictures?

Pirate bay

Envirormental impacts

Environment issues

Environmental impacts

Useful links for Green IT

What is Green IT?

What Is Green IT, and Why Should You Care?

Green IT: Changing IT without it costing the earth.

Whatever happened to Green IT?

Pictures: India's Poor Risk Health to Mine Electronic "E-Waste"

India: The Rising Tide of E-Waste

BCS commentary on Greening Government ICT

Privacy issues