All modern communications involve metadata. Using the internet creates metadata. Interacting on social media creates metadata. Simply using your smartphone creates metadata. If someone were to compile all your metadata they would be able to draw a detailed picture of your life including your interactions, behavior, tendencies and more. The protection of this data should be a paramount consideration for individuals and businesses alike. Metadata is the data our communications send that allow our communications to reach their intended recipient. More importantly for today’s society, metadata includes the data generated by devices such as smartphones and computers. This data includes IP addresses, URLs that we visit online, precise locations where we make calls, review emails and even check for social media updates. It is the space between the atoms of our digital lives.
Relation of metadata to privacy act 1993.
- When metadata is collected the reason for the collection should be known to us as per the privacy act of 1993 of Purpose of Collection of personal information.
- When metadata is collected it should be directly collected from us rather than our sources at different places as it is termed as breach of privacy.
- We should be aware of the fact that for what purpose our metadata is collected and where is it going to be used and to what level it can be used.
- The collection of metadata should be performed within some rules and with willingness of a person who is giving it.
- Once the metadata is collected the storage of that data should be known to that person that whether the data is safe or not.
- One can ask for the metadata to be updated as the information related to it may be changed.
- The metadata should not be kept more than the stipulated time told by the agency which is collecting it.
- The metadata given by us should not be identified uniquely by the agency as it leaves a digital footprint of that person and next time it can be traced easily.
Metadata simply means data about data, extra useful information on data. In context of databases, metadata would be info on tables, views, columns, arguments etc. For example, say you have a table to store personal info, which has columns that keep the social security number, phone, address, name, surname, birth date etc. for each person. While describing this table, you would also have to describe each column with a data type, and a length - precision etc. Here, what you call 'data', would be the dates which are stored in the table. The metadata would be all the other stuff you specified while you were creating the table, which defines how that data can be stored and accessed. Say we have a department with a number of performance measures floating around. There is a separate individual responsible for each of the measures. Whenever we need a number, we would approach the individual that is able to get the number for us. Now to borrow from Russ Binder’s example - consider a library. With a lot of books inside. And a catalogue with a description of each book and where you need to go in the library to find each book. On 19 January 2017, a decision was handed down by the full bench of the Federal Court that will likely have wide ranging ramifications on Australian privacy laws.
The decision of Privacy Commissioner v Telstra Corporation Limited stretches back to 2013 when Journalist Ben Grubb requested Telstra provide information they had retained about him pursuant to Australia’s mandatory data retention laws. That request included a request for ‘metadata’. Telstra provided Mr. Grubb with his customer and billing information but refused access to his metadata arguing it did not constitute “personal information” for the purposes of the Privacy Act 1988.
Mr. Grubb lodged a complaint with the Privacy Commissioner and this decision is the latest in a series of appeals. Throughout the case the Privacy Commissioner argued that the metadata held by Telstra was personal information as it could be linked to an individual subscriber and their billing information. This argument suggested that the metadata was essentially a “data fingerprint” allowing the individual to be identified when linked with other information held by Telstra. Telstra, on the other hand, argued that as Mr. Grubb’s name or telephone number was not referenced in the metadata it was not “personal information” for the purposes of the Act. That is, Mr. Grubb could not be identified from that information alone. It is important to note that in its judgment the Court conceded that there is information that may only become “about” an individual when combined with other information. Despite this, the Court decided that this metadata was not “about” the individual concerned as per the definition because the individual was not the subject matter of that data. The Court took the view that the metadata in this case was about the service provided by Telstra to the individual rather than “about” the individual. It is not advisable to use metadata as it is a detail about any document and when too many, metadata are combined together to get a clear picture of the actual data and it can be a breach of privacy if the metadata is allowed to be used.