Metadata is data about data. Although this data can provide specific insight into personal data such as Personal Identifiable Information (PII) (see Privacy Concerns), there is also a problem with hackers gaining access to Metadata.
For example, knowing your name, address, phone number, and credit card details can be used to make illegal purchases in your name. This is a Criminal Activity in itself, but gaining information about your behavior and habits is a different kind of privacy violation. This information can be used to target you for advertisements or more nefariously specific scams. For instance, the metadata can now be used to determine that an individual is visiting a well-known cancer clinic and target the person for “miracle cures”.
Another example might be the discovery that a well-known founder and CEO of a publicly-traded company has visited the same well-known cancer clinic. This information is then used to in essence glean insider information about the company and make stock trades.
The use of Metadata is the primary engine for companies such as Google, Facebook, Microsoft, Apple, etc. However, this is done using their own mechanism to collect the data and users sign their rights away with the Service Level Agreements (SLAs), etc they “sign” when they choose to use these products. It is another thing to use government-provided data.
Therefore, Metadata not only contains Data about Data, but it can also contain information about the association of data elements together. Sometimes this activity is referred to as Triangulation.
There is an assumption that Bitcoin transactions are anonymous, the reality is that they are anonymized. The following article by John Bohannon highlights the issue:2)
In this case, it was the “good guys” who used the Metadata, but this could also have been used for nefarious activities and a U.S. CBDC needs to protect this kind of data.