194 Personal Content Experience: Managing Digital Life in the Mobile Age Each time the song is played, Faye programmes her application to send an event to be stored as metadata in the MdE. The stored event includes the ID of metadata instance of the played song, the timestamp when it was played, and IDs of nearby Bluetooth devices. Faye makes her application create automatic playlists, again by creating instances of MP3_playlist schemas, by using the event data. She creates a most played songs playlist where relationships between the playlist and songs are automatically updated based on how many times the song is played. She also makes her application to create friend playlists for each of Bluetooth ID discovered while a song is played. Each time a song is played, while a friend, or more accurately a friend’s Bluetooth device is nearby, her application creates a new relation - ship between the song and the friend’s playlist associated to that Bluetooth ID. 5.9 Metadata Processors Our metadata architecture allows and encourages collecting personal and private data as metadata. This includes context information, usage history, logs, and lots of other information that is useful for providing personalized and easy-to-use services. On the other hand, this data must be guarded carefully and should never be revealed to untrust- worthy parties without the user’s permission. Our architecture provides an object-level access control to any metadata items. This means, for example, that the user may allow location information to be revealed in some pictures but not in others. Furthermore, SymbianOS version 9 has a built-in platform security that mandates certifi cates for all applications, effectively providing a way to restrict access to metadata architecture for only trusted applications. One means of dealing with privacy is metadata processors, small applications that can be used for both privacy control and management of new and yet unknown metadata. A metadata processor is simply a DLL that is associated with a metadata property. That is, there is a relationship with the metadata property and the DLL. Whenever the property in question is either read or written, the DLL is called with the data to be modifi ed, and the ID of the calling application as parameters. SymbianOS version 9 requires unique IDs and certifi cations for all applications, so the pro- cessor is guaranteed to know, or not to know, what application is actually requesting the data or trying to modify it. The processor may then either accept the new data as it is from the application, or refuse it, depending on whether the application is trusted or not. Similarly,