AP®Computer ScienceCollege BoardComputer Science PrinciplesStudy GuidesUnit 5: Impact of ComputingSafe ComputingRisks to privacy

Risks to privacy (College Board AP® Computer Science Principles): Study Guide

Robert Hampton

Written by: Robert Hampton

Reviewed by: James Woodhouse

Updated on

Collecting and storing personal data

What is PII?

  • Personally identifiable information (PII) is information about an individual that identifies, links, relates, or describes them

  • Examples include:

    • Social Security number

    • Age and race

    • Phone numbers

    • Medical information

    • Financial information

    • Biometric data

  • PII is often collected by computing innovations without the user being fully aware of what is being recorded

How is data collected?

  • Computing devices collect data from users through:

    • Search engine history that records every query a user enters

    • Website tracking that records pages visited and time spent on each page

    • Device tracking that records hardware identifiers and IP addresses

    • Location tracking through GPS and connected Wi-Fi networks

    • App usage tracking that records which apps are opened, for how long, and what actions are taken inside them

How collected data benefits users

  • Collected data is often used to enhance the user experience in helpful ways:

    • Search engines provide suggestions based on past queries

    • Online stores offer product recommendations based on browsing and purchase history

    • Apps simplify purchases by remembering payment details

    • Targeted advertising shows content relevant to a user's interests

  • These conveniences explain why users often consent to data collection, even when the long-term risks are unclear

Privacy risks and persistence

How can collected data be misused?

  • The same data that provides convenience can be exploited when used in unintended ways:

    • Stalking: location data and social media activity reveal a person's daily patterns

    • Identity theft: stolen PII allows criminals to impersonate someone for financial gain

    • Crime: aggregated personal data sold to malicious actors enables fraud or harassment

  • Once data leaves the user's control, the person who originally collected it may not be the only party that ends up using it

Data aggregation and profiling

  • Aggregated data combines pieces of information from many sources to build a detailed profile of an individual

  • Even when each individual piece of data seems harmless, combining them often reveals far more than the user intended to share

  • Disparate personal data such as geolocation, cookies, and browsing history can be aggregated to create knowledge about an individual

  • Example: combining a person's search history, location data, and purchase records can reveal their health conditions, political beliefs, or relationships

Difficulty of deletion

  • Information posted online is difficult to delete once it has been shared

  • Reasons include:

    • Copies may be stored on multiple servers and backup systems

    • Other users may have copied, screenshotted, or downloaded the content

    • Search engines and archives may have indexed the data

  • Information placed online can be used in ways that were not intended, for example, emails may be forwarded, tweets can be retweeted, and social media posts can be viewed by potential employers years after posting

Privacy concern

What it is

Example

Data exploitation

Collected data used in ways not originally intended

Location data sold to advertisers without user knowledge

Aggregation

Combining data sources to build detailed profiles

Search history + purchases reveal personal preferences

Persistence

Difficulty of removing data once shared online

Old social media posts remain accessible years after posting

Examiner Tips and Tricks

  • Exam questions often distinguish between data that is harmless on its own and data that becomes sensitive when combined; remember that aggregation is what makes seemingly innocuous data reveal personal details.

  • For the CPT, if your program collects user data (even basic input like names or preferences), consider in your written response what would happen if that data were lost, stolen, or combined with other sources.

Worked Example

A weather app asks users to share their location to provide local forecasts. Later, the company that owns the app sells the collected location data to an advertising firm. Which of the following best describes this situation?

(A) The app is using strong encryption to protect users
(B) The collected data is being used in a way the user may not have originally intended
(C) The app has reduced the digital divide
(D) The app has eliminated all bias in its forecasts

[1]

Answer:

(B) The collected data is being used in a way the user may not have originally intended [1 mark]

  • The user shared their location to get weather forecasts, but the data is now being used for advertising, which is an unintended purpose and a key privacy risk identified in the CED.

Unlock more, it's free!

Join the 100,000+ Students that ❤️ Save My Exams

the (exam) results speak for themselves:

I would just like to say a massive thank you for putting together such a brilliant, easy to use website.I really think using this site helped me secure my top gradesin science and maths. You really did save my exams! Thank you.

Beth
IGCSE Student

This website is soooo useful and I can’t ever thank you enough for organising questions by topic like this. Furthermore, the name of the website could not have been more appropriate as it literally did SAVE MY EXAMS!

Fathima
A Level Student

Incredible! SO worth my money, the revision notes have everything I need to know and are so easy to understand. I actually enjoy revising! It makes me feel a lot more confident for my GCSEs in a few months.

Kate
GCSE Student

Absolutely brilliant, both my girls used it for A levels and GCSE. It's saves on paper copies, also beneficial exam questions ranked from easy to hard. It's removed a lot of stress from the exams.

Sameera
Parent

Just to say that your resources are the best I have seen and I have been teaching chemistry at different levels for about 40 years

Mark
Chemistry Teacher

Excellent

Our rating represented in Trustpilot stars
Read more reviews
Previous:Legal & Ethical ConcernsNext:Resource Protection
Author
Reviewer
Robert Hampton

Author: Robert Hampton

Expertise: Computer Science Content Creator

Rob has over 16 years' experience teaching Computer Science and ICT at KS3 & GCSE levels. Rob has demonstrated strong leadership as Head of Department since 2012 and previously supported teacher development as a Specialist Leader of Education, empowering departments to excel in Computer Science. Beyond his tech expertise, Robert embraces the virtual world as an avid gamer, conquering digital battlefields when he's not coding.

James Woodhouse

Reviewer: James Woodhouse

Expertise: Computer Science & English Subject Lead

James graduated from the University of Sunderland with a degree in ICT and Computing education. He has over 14 years of experience both teaching and leading in Computer Science, specialising in teaching GCSE and A-level. James has held various leadership roles, including Head of Computer Science and coordinator positions for Key Stage 3 and Key Stage 4. James has a keen interest in networking security and technologies aimed at preventing security breaches.