In terms of adopting, I think it would be useful to clarify this. Metadata already falls outside the definition of personal information in the act where there are ambiguities. An IP address is a good example. Often the argument will be that because an IP address takes three or four steps before you connect it to a name, it's not personal information. That's because the definition of personal information is tied to information that's about an identifiable individual. I think some of that can be addressed through interpretation by the Privacy Commissioner, etc. In Europe, I think they've actually issued directives around specific problematic items of metadata like IP addresses, saying that this is to be considered personal information.
I think part of the problem with addressing metadata in a statutory definition is that it's a constantly evolving category of data. Maybe something that would refer to regulation, that would allow for a rolling definition that gets adopted through regulation, might be the best way to address that particular problem and make sure that this type of data is kept within the scope of the protections in the Privacy Act.