With Digital Rights Come Responsibilities

IT affects issues regarding intellectual property, censorship, freedom of expression, privacy and security. Information technology law, or cyberlaw, is the area of law that relates to those issues.

A very common legal problem in IT is copyright infringement, aka piracy. Copyrights are exclusive rights granted to creators of original work. This work can't be copied, modified, published or distributed without the author's permission. Intellectual property is something that can be easily forgotten online, but it's a costly mistake. There is the well-known case of Joel Tenenbaum who was fined $675 000 for illegally downloading and sharing music. Apart from music, copyrighted material can include anything from books, paintings, photographs, performances, films, and even computer programs. A basic term of the copyright lasts for the life of the author plus fifty to seventy years. Some people argue, though, that waiting so long for recreating the existing work makes it harder to be creative. Another legal and ethical issue in IT is privacy, especially the way organisations handle customers’ personal data. There are big advantages to storing and analysing those pieces of information. Companies can serve their customers better, manage their businesses more efficiently and incorporate good decisions into new product development, etc. However, negative impacts come with a possible security breach.

Since May 2018, the General Data Protection Regulation (GDPR) has given EU citizens more control over their personal information. In the UK, the government has created the new Data Protection Act 2018, which replaces the one from 1998. The GDPR affects every member state, as well as companies outside of EU which handle data relating to EU citizens. It is important to comply with the regulation since companies which fail to do so can be fined. Cybersecurity is important. After every personal data leak, affected customers have to be notified. That can damage people's trust in the company. The ISO /IEC 27000 family of standards can help organisations keep information assets secure.

Unethical behaviour of a company can attract media attention, which can have a negative impact on its reputation. Reputation and trust are as important today as products and services. IT ethics can prevent many legal issues. It can help preserve a people's trust in digital services. But sometimes what is considered legal doesn't need to be ethical. For example, Google's tracking of searches followed by personalised advertisements. It's legal, but someone might find it unethical regarding their privacy. Ethics is a system of moral principles. It can be challenging for companies to follow these principles at the individual level. If the company will establish a set of shared values, beliefs, and norms, it can influence individuals to act ethically. Those standards are called IT codes of ethics, and many of them are already produced and used all around the world (for instance, SANS IT Code of Ethics, IEEE Code of Ethics, the Ten Commandments of Computer Ethics and many more).

We can see that even large and well-known companies have legal and ethical issues in IT. Facebook's large data collections of their user's personal data attract hackers. Just recently, on 28th September 2018, they announced a massive security breach which put at least 50 million user's data at risk. This breach came after the so-called Facebook-Cambridge Analytica data scandal. It started with an application build by a Cambridge University researcher Aleksandr Kogan. His company GSR, along with Cambridge Analytica, collected the data of hundreds of thousands users who agreed to take a personality test through the application. Users agreed to have their data collected for academic reasons, but information from their Facebook friends was harvested without anyone’s consent. Facebook later admitted that data from 87 million users was collected. Mark Zuckerberg, Facebook's CEO, publicly apologised and had to testify before US Congress. The Company faces a fine of £500 000 by Britain's information regulator. Accusations that harvested data was used to psychologically profile voters during the 2016 US election and the EU referendum caused great concerns about personal data usage.