Metadata & the GDPR - the right way to protect information in digital documents
Digitization is advancing inexorably and does not stop at everyday office life. Working on the computer has become a matter of course over time. From the rental contract to the shopping list, all possible information and data can now be recorded in digital documents. The so-called digital documents include, for example. Word, Excel or Powerpoint files, but also PDF documents as you know them from articles or forms.
The highlight behind digital documents
While a document that is created and stored offline, only the information contained in the document is retained. Many files created on a computer, on the other hand, contain so-called metadata.
Metadata is additional information that is contained in a file. These arise when a digital file (doc, docx, xls, xlsx, pdf, jpg, etc.) is created when a document is saved. In addition to the document and the information it contains, additional information, the so-called metadata, is stored in such files. These contain information about the person who created the file.
What information does metadata contain?
Metadata contain various information about the author or the authors of a document. Typical metadata includes the names of the authors and information about the software currently in use. The storage paths or IP addresses can also be recorded in some documents. The access rights or the times at which changes were made to a document can also be saved.
How do you protect your metadata?
As with documents created offline, the general provisions of data protection apply to the creation of digital documents, which are intended to guarantee the secure handling of collected and stored data. To protect your own data, metadata can be deleted from created files. Since this information is not known to many employees, metadata is often not deliberately deleted or forgotten. With most programs you can view and delete the metadata under the “Details” of a document.
What are the dangers of metadata?
Metadata harbor a number of different dangers, both in private as well as in business. In large part, this is because many people are unaware of the very existence of this data. On the other hand, the dangers that metadata represent if they get into the wrong hands are often underestimated.
Since metadata contain a large number of personal data, they can be used to create detailed, digital profiles of people. Due to the high data density of the metadata, people can also be traced back to their profiles in social networks. In addition to spying on people, interests can range from third parties to stalking. For this purpose, they can also use the collected data to access the social media channels of the respective people. In addition to access to the respective profiles, third parties can create fake profiles and use them for various, mostly criminal purposes. Most of the time, the people concerned do not find out about this.
In addition to the criminal use of metadata, these can also be of great advantage for companies. If a company is sent a document that contains metadata, it can use the additional information to improve its own targeting, for example. But companies can also be spied on in the same way. In addition to profiles of data subjects, third parties can also create company profiles. By inadvertently transmitting company-internal metadata, companies make themselves a target for a targeted attack.