INFO2222 · Computing 2 Usability and Security
Ethics, Privacy and Professional Responsibility
Week 12 closes the unit with the professional and legal frame: the ACS Code of Ethics and how to reason about ethical dilemmas, and data-privacy law from the Australian Privacy Act 1988 to GDPR, CCPA and the UK DPA. It also folds in the exam-revision guidance (apply and reason rather than memorise numbers), and scenario-application items — which value or which law applies — are common on the final exam.
What this chapter covers
- 01Ethics as a framework for right/wrong when the choice is not obvious; IT ethics and responsible decision-making
- 02Ethical dilemmas in emerging tech (autonomous-vehicle / trolley scenarios); responsibility shared across the whole pipeline
- 03The ACS Code of Ethics — six core values, from the primacy of the public interest to professionalism
- 04Data privacy as controls on access, use, processing and storage, spanning legal, technical and social dimensions
- 05Australian Privacy Act 1988: 13 Australian Privacy Principles (APPs), applying to APP entities (turnover > $3M)
- 06The Privacy and Other Legislation Amendment Act 2024: doxxing offence, automated-decision transparency, a statutory tort
- 07International regimes: GDPR (consent, erasure, fines up to 4% of global revenue or €20M), CCPA, and the UK DPA 2018
- 08Exam revision guidance: recognition over recall, apply-don't-just-recall, and read questions carefully (negatives)
Apply the ACS values and privacy law to four IT scenarios
- +1(1) Speaking up about a safety flaw that affects users, over a profitable launch, is the Primacy of the Public Interest — placing the public interest above personal or business interests (the first ACS core value).
- +1(2) An EU-resident erasure request is governed by the GDPR, which grants rights to access, rectify and erase personal data and requires a lawful basis such as consent. (Its penalties reach up to 4% of annual global revenue or €20 million.)
- +1(3) An Australian firm with $10M turnover is an APP entity (turnover over $3M) under the Privacy Act 1988, so collecting personal information without a proper collection notice breaches the Australian Privacy Principles governing collection.
- +1(4) Overstating expertise to win a contract violates Honesty — being honest about your skills, services and products (an ACS core value); it also touches Competence, but Honesty is the most direct.
Key terms
- ACS Code of Ethics
- The Australian Computer Society's professional code, binding members to six core values: the Primacy of the Public Interest, the Enhancement of Quality of Life, Honesty, Competence, Professional Development, and Professionalism. It provides an ethical framework and a basis for accountability.
- Australian Privacy Act 1988 / APPs
- The Australian law regulating how agencies and organisations (APP entities, generally turnover over $3M) handle personal information. It contains 13 Australian Privacy Principles governing collection, use, disclosure, governance, integrity, correction and individuals' access rights; it is principles-based and technology-neutral.
- Privacy Amendment Act 2024 (POLA)
- The Privacy and Other Legislation Amendment Act 2024 (Royal Assent December 2024), which adds criminal offences for doxxing, transparency requirements for automated decision-making, a Children's Online Privacy Code, and a statutory tort for serious invasions of privacy, plus new Commissioner powers.
- GDPR
- The EU General Data Protection Regulation (effective 2018), protecting EU/EEA residents' personal data. It requires explicit consent, transparency and security, grants rights to access, rectify and erase, defines personal data broadly (including IP and cookie data), and allows fines up to 4% of annual global revenue or €20 million, whichever is higher.
- CCPA / UK DPA
- The California Consumer Privacy Act (effective 2020) gives Californian consumers rights to know what data is collected, request deletion, and opt out of data sales. The UK Data Protection Act 2018 implements and aligns with GDPR in the UK, with access/rectify/erase rights and rules for controllers and processors.
- Ethical dilemma (AV / trolley)
- A scenario with no clearly right choice, such as how an autonomous vehicle should act in an unavoidable crash. Responsibility is shared across engineers, data scientists, developers, managers, the company, regulators and society — 'technology is neutral; decisions are not.'
Ethics, Privacy and Professional Responsibility FAQ
What are the ACS Code of Ethics core values?
There are six: the Primacy of the Public Interest (public good above personal or business interest), the Enhancement of Quality of Life (improve life for those affected by your work), Honesty (be truthful about your skills, services and products), Competence (work competently and diligently), Professional Development (grow your own and others' competence), and Professionalism (uphold and advance the profession's honour and integrity). Exam items usually describe a situation and ask which single value applies.
How does the Australian Privacy Act 1988 relate to GDPR, CCPA and the UK DPA?
They are parallel privacy regimes for different jurisdictions. The Privacy Act 1988 (with its 13 APPs) governs Australian APP entities, generally those with turnover over $3M, and was strengthened by the 2024 amendment (doxxing offence, automated-decision transparency, a statutory tort). GDPR covers EU/EEA residents with strong consent and erasure rights and large fines; CCPA covers Californian consumers; the UK DPA 2018 aligns the UK with GDPR. Match the scenario to the jurisdiction and the affected people.
How should I approach an ethical-dilemma question?
Recognise that a dilemma has no obviously correct answer and that responsibility is distributed across the whole pipeline — engineers, data scientists, developers, managers, the company, regulators and society — because 'technology is neutral; decisions are not.' Frame your reasoning with the relevant ACS value(s) and any applicable privacy law, and weigh the public interest, quality of life, honesty and competence rather than looking for one 'right' rule. Any HCI study involving people also needs human-research ethics approval.
Can AI help me revise ethics and privacy for INFO2222?
Yes, as a study aid. Sia can drill the six ACS core values, map scenarios to the right value or privacy law, contrast the Privacy Act 1988, GDPR, CCPA and the UK DPA, and rehearse the Week 12 exam-revision guidance. Use it to prepare for the final exam's scenario-application items; it does not do graded assessment for you, and the University of Sydney academic-integrity policy applies.
Exam move
This chapter is scenario-application, so drill mapping rather than rote lists. Memorise the six ACS core values with a one-line trigger each, then practise reading a mini-scenario and naming the single best-fitting value (public safety → Primacy of the Public Interest; misrepresenting skills → Honesty). For privacy law, build a jurisdiction map: Australian organisations over $3M turnover → Privacy Act 1988 and its 13 APPs (plus the 2024 doxxing/automated-decision/statutory-tort additions); EU residents → GDPR (consent, erasure, up to 4%/€20M fines); California → CCPA; UK → DPA 2018. Since this is also the revision block, take its guidance to heart across the whole unit: prefer recognition over recall, apply concepts rather than reciting numbers, and read multiple-answer questions carefully for negatives — and remember the exam's negative marking means only answer options you are confident about. Confirm the exam date and permitted materials on Canvas and the USyd exam timetable.
Working through Ethics, Privacy and Professional Responsibility in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Ethics, Privacy and Professional Responsibility question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.