Casa ESL · B2 Upper Intermediate · Unit 15 of 20 · Step 2

Digital Privacy

Data protection and advanced modal perfects

Use modal perfect structures to speculate about the past
Distinguish between must have, can't have, should have, and needn't have
Discuss digital privacy, data security, and surveillance

Name

Date

Vocabulary

surveillance

noun

The close monitoring of a person or group, especially by authorities.

"Mass surveillance programmes have sparked intense public debate."

encryption

noun

The process of converting data into a coded form to prevent unauthorised access.

"End-to-end encryption ensures that only the sender and receiver can read a message."

breach

noun

A failure to comply with a rule, or an act of breaking through a barrier.

"The data breach exposed the personal information of millions of users."

anonymity

noun

The condition of being unknown or unidentifiable.

"Online anonymity can protect whistleblowers but also shield bad actors."

consent

noun

Permission or agreement, especially given voluntarily.

"Users must give their consent before a company can collect their data."

algorithm

noun

A set of rules or processes followed by a computer to solve a problem.

"The algorithm decides which advertisements you see based on your browsing history."

exploit

verb

To take unfair advantage of a person or situation.

"Hackers can exploit vulnerabilities in outdated software."

transparency

noun

The quality of being open and honest, with no hidden agendas.

"Greater transparency from tech companies would help rebuild public trust."

Grammar Focus

Advanced modal perfects

Modal perfect = modal verb + have + past participle. 'Must have + pp' expresses a strong deduction about the past. 'Can't/couldn't have + pp' expresses disbelief or impossibility. 'Should have + pp' expresses regret or criticism about something not done. 'Needn't have + pp' means something was done but was unnecessary.

Someone must have accessed my account — the password has been changed.

She can't have known about the breach; she would have reported it.

They should have encrypted the data before storing it on the server.

You needn't have worried about the update — it installed automatically.

Exercises

Exercise 1

Complete each sentence with the correct modal perfect form using the verb in brackets.

1. The hacker (must / use) a phishing email to gain access.

2. She (can't / know) the password — nobody told her.

3. They (should / update) the security software months ago.

4. You (needn't / delete) those files — we had backups.

5. He (must / leave) his laptop unlocked for the breach to occur.

Exercise 2

Choose the best modal perfect to complete each sentence.

1. The email ___ from the bank — they never ask for passwords.

2. I ___ that link. Now my computer has a virus.

3. You ___ the extra antivirus — the built-in one was sufficient.

4. Somebody ___ the data to a third party. There's no other explanation.

5. She ___ about the vulnerability. She's the head of cybersecurity.

Reading

The Price of Convenience

When Elena downloaded a popular fitness app, she didn't think twice about the permissions it requested. The app must have collected far more data than she realised, because within weeks she was receiving targeted advertisements for products she had only discussed in private conversations. She can't have imagined that a simple step-counter would monitor her location, contacts, and even microphone input. A journalist later revealed that the company behind the app had experienced a massive data breach months earlier but had failed to inform its users. They should have disclosed the breach immediately — regulators agreed and imposed a significant fine. Elena needn't have worried about changing all her passwords, as the stolen data turned out to be encrypted, but she did so anyway. The incident prompted her to audit every app on her phone. She was shocked to discover that most of them had access to data they couldn't have needed for their stated purpose. The experience taught her a lasting lesson: convenience must never come at the cost of privacy.

1. What did Elena discover about the fitness app's data collection?

2. What should the company have done after the data breach?

Speaking

Discuss these questions with a partner or your teacher.

1Debate: 'People who have nothing to hide needn't worry about government surveillance.' Argue for or against. Use modal perfects to speculate about real-world examples.
2Discuss: Have you ever experienced or heard about a data breach? What should the company have done differently? What could users have done to protect themselves?

Writing

Write a short narrative (8–10 sentences) about a fictional data breach and its consequences. Use at least four different modal perfect structures (must have, can't have, should have, needn't have).

Example: The intruder must have gained access through an unpatched server. The IT team can't have been aware of the vulnerability, or they would have fixed it. Management should have invested in better security years ago. The company needn't have paid the ransom — the authorities recovered the data within days.

Answer Key — For Teacher Use

Exercise 1

1. must have used · 2. can't have known · 3. should have updated · 4. needn't have deleted · 5. must have left

Exercise 2

1. can't have come · 2. shouldn't have clicked · 3. needn't have bought · 4. must have sold · 5. must have known

Reading Comprehension

1. She discovered that the app must have collected far more data than expected, including her location, contacts, and microphone input, going well beyond what a step-counter would need. · 2. They should have disclosed the breach to users immediately, which they failed to do, resulting in a significant fine from regulators.

← Unit 14: Health SystemsUnit 16: Literature & Storytelling