Computing Legislation (UK Laws)

Computers let us do extraordinary things — but the same power that lets you back up your photos also lets someone copy your bank details, and the same network that streams a film can be used to steal it. So Parliament has passed laws that draw a clear line between what you are and aren't allowed to do with computers and data. Break one and you aren't just being rude — you're committing a crime, with real fines and, for the serious offences, prison.

For GCSE you need to know four laws: what each one is for, and an example of how someone might break it. Here they are, and then we'll take each in turn.

The four laws at a glance

Every law protects something. Each of the four Acts covers one area: hackers and passwords, personal data, creative work, and the public's right to know.

1. Computer Misuse Act 1990

This is the UK's main anti-hacking law. It was written after two men broke into a computer system belonging to the Duke of Edinburgh and the courts found there was no law that clearly covered it — so Parliament made one. It creates three main offences:

A later update also made it an offence to make, supply or obtain hacking tools (software designed to break into systems) for use in these crimes.

Breaking it — an example: guessing a classmate's password and logging into their school account, or releasing a virus that scrambles a company's files.

2. Data Protection Act 2018 (UK GDPR)

Every time a shop, school, hospital or app stores facts about you — your name, address, date of birth, medical records — that's personal data. The Data Protection Act 2018 (which brings the UK GDPR rules into UK law) sets out how organisations must look after it. Anyone who controls personal data must follow its principles, including:

It also gives you rights over your own data: to see it, to correct it, and to have it deleted. The regulator that enforces it is the Information Commissioner's Office (ICO).

Breaking it — an example: a company that leaves its customer database unencrypted and lets it get stolen, or sells your email address to advertisers without your consent.

3. Copyright, Designs and Patents Act 1988

When someone creates an original work — a song, a film, a photo, a book, or a piece of software — this Act makes them the owner of it. Copyright is automatic: the creator doesn't have to register anything. It means you may not copy, share or sell someone else's work without their permission, and it lasts a long time (for most creative works, the creator's lifetime plus 70 years).

This is the law behind the "©" symbol, software licences, and the reason piracy is illegal. Creators can choose to give permission through a licence (for example, some software is released as open source so others may reuse it).

Breaking it — an example: downloading a film from an illegal streaming site, copying a paid app and handing it to friends, or using a photographer's image on your website without asking.

4. Freedom of Information Act 2000

The other three laws mostly restrict what you can do. This one does the opposite: it gives the public a right to ask for information held by public bodies — the government, councils, the NHS, state schools, the police. Anyone can make a request, and the organisation must normally respond within 20 working days.

It keeps public bodies open and accountable. Some information can be withheld — for example if releasing it would harm national security, or if it's someone's personal data (which the Data Protection Act protects instead).

Using it — an example: a journalist asking a council how much it spent on new computers last year, or a resident asking how many potholes were reported on their road.

It's tempting to think that logging into someone's account "just to have a look" is fine as long as you don't change anything. It isn't. Under the Computer Misuse Act, the offence is unauthorised access itself — simply getting into an account or system you have no permission for is already a crime, even if you read a single message and log straight back out. Changing or deleting data is a separate, more serious offence on top.

And "I didn't know it was illegal" is no escape: in law, ignorance of the law is no defence. Knowing someone's password gives you access; being allowed access is a different thing entirely.

Matching the crime to the law

In the exam you're often given a scenario and asked which law has been broken. The trick is to spot what was harmed:

Yes — often! Imagine a hacker who breaks into a hospital's system (Computer Misuse Act), downloads patients' medical records, and sells them (Data Protection Act). A single incident can breach several laws, and prosecutors can charge the most serious offences that apply. When you analyse a scenario, don't stop at the first law you spot — check whether more than one has been broken.