Ever wonder what happens to your social media accounts, email, online texts and other digital content when you die? Do they simply expire, leaving nothing behind but digital dust? Or can you authorize someone to take them over after you pass on? And if so, what powers would such a person possess?
In response to such quandaries, tech giants Facebook and Google have created systems to deal with death—such as suspending inactive accounts, and creating online memorials. But these steps only address part of the problem.
This novel issue was recently confronted by the Delaware Legislature, which became the first state to pass a uniform statutory scheme granting fiduciary trustees full access to a decedent’s online accounts and digital content, just as they would with more tangible assets. If this trend continues, more people may be able to confidently plan for the disbursement of their digital estate.
Avoiding Digital Death
Left unchecked, social media and online accounts may expire with the decedent. This phenomenon is commonly referred to as “digital death.”
But digital death can also have financial repercussions, as digital assets can have real value. A 2011 survey by McAfee found American consumers valued their digital assets at an average of $55,000. Such assets include digital photos, digital music, client lists, domain names, social media accounts, online manuscripts, blogs, email accounts, computer code, online gaming avatars and more.
Delaware Grants Fiduciaries Full Access to Digital Assets
In an effort to provide a workable framework by which to administer one’s digital estate, Delaware recently passed the Fiduciary Access to Digital Assets and Digital Accounts Act, 12 Del. C. Section 5001, et seq., in August.
What makes the act so unique is that it is the first adoption of the Uniform Fiduciary Access to Digital Assets Act (UFADAA), drafted by the Uniform Law Commission (ULC), a nonprofit group that lobbies to enact model legislation.
According to the ULC, the UFADAA solves the digital estate problem by using the concept of “media neutrality.” This means if a fiduciary would have access to a tangible asset, that fiduciary will also have access to a similar type of digital asset. The UFADAA also defers to an account holder’s privacy choices as expressed in a document (like a will or trust), or online by an affirmative act separate from a general terms-of-service agreement. Thus, an account holder’s desire to keep certain assets private will be honored by the UFADAA.
One reason the UFADAA is so important is because current federal legislation regarding access to digital assets is hidden in the Stored Communications Act (SCA) and the Computer Fraud and Abuse Act (CFAA)—both passed in 1986, with only minor revisions since then. Notably, the SCA broadly prohibits an “electronic communications service” (like an email service or social network) from disclosing the “contents of a communication” to parties other than the sender or recipient. The CFAA imposes criminal penalties (or civil liability) for “unauthorized access” to computer hardware, devices, and stored data.
To address this concern, the act states a “fiduciary with authority over digital assets or digital accounts of an account holder … shall have the same access as the account holder, and is deemed to (1) have the lawful consent of the account holder and (2) be an authorized user under all applicable state and federal law and regulations and any end user license agreement.”
Despite its well-intentioned goals, detractors like Jim Halpert, an attorney with DLA Piper and director of the State Privacy and Security Coalition, still oppose the act. “This law takes no account of minimizing intrusions into the privacy of third parties who communicated with the deceased,” Halpert told Ars Technica. This includes highly confidential communications to decedents from third parties—like doctors, psychiatrists and clergy—who would not expect an executor to review the communications. Halpert also claims it will cause confusion with federal law.
The act is set to take effect Jan. 1, 2015.
Other States’ Approaches to Divesting Digital Assets
Delaware was not the first state to address digital assets. In 2005, Connecticut passed a narrow law giving access to email accounts for deceased residents. Since then, Rhode Island, Idaho, Indiana, Oklahoma, Nevada and Virginia have all passed legislation providing varying degrees of access to digital accounts.
Bills are also pending in a dozen other states, yet all but one has failed to pass. In Pennsylvania, HB 2580—a fourth-generation bill to allow access unless it was restricted by will or court order—has been pending since August 2012.
Implications: Planning for Your Digital Estate
Digital assets have largely replaced tangible ones in our modern world. Yet the laws governing access to these assets remain outdated and inconsistent.
Although a form of personal property and part of a decedent’s estate, commentators have observed that rights regarding digital assets are intertwined in a complex web of federal, privacy, copyright, intellectual property and state law. The result is fiduciaries are often left with little authority or guidance in collecting, distributing and settling a digital estate. And the problem may be more widespread than previously understood. According to a March 2012 article in Technorati, 30 million Facebook accounts belong to dead people.
Current federal law and the law of most states fail even to recognize a fiduciary as possessing authority over digital assets. And until more jurisdictions adopt the UFADAA, this lack of uniformity will only continue.
When a person dies (or is incapacitated) his or her fiduciaries and family members face particular challenges when administering his or her digital estate. After first identifying which digital property is significant, or has value, other obstacles include having to deal with: (1) passwords; (2) encryption; (3) criminal laws penalizing “unauthorized access” to computers; and (4) data privacy laws. Overcoming such obstacles can be tricky—but helpful guidance does exist.
Commentators suggest account holders take four steps to plan for death/incapacity. First, they should inventory their digital footprint by identifying accounts and determining if they have financial or sentimental value. This process should include listing usernames, account numbers and passwords (the average person has 25 passwords). This sensitive list should also be kept separate from their will; a probated will becomes a public record.
Second, account holders should routinely back up electronically stored information—especially if the data is stored remotely—so as to save fiduciaries from having to obtain access from remote service providers that are subject to various federal and state criminal and data privacy laws, like the SCA or CFAA. Fiduciaries would thus only have to deal with the aforementioned service providers in order to close or memorialize accounts.
Third, the account holder should make a plan for managing/distributing the inventoried digital property. This includes designating a fiduciary with power and authority over digital property, providing instructions for distribution, and securely deleting digital assets the decedent does not want passed on to his or her heirs. Understanding a site’s default terms with respect to whether certain accounts will be automatically frozen or deleted is also critical.
And fourth, the account holder should expressly authorize service providers to disclose private information to their fiduciaries so as to evidence their “lawful consent” thereto, and “authorized access” to the data. This can be accomplished by including a clause in a will identifying the above federal laws.
Given the explosion of online content and a comprehensive statutory scheme on the books, digital estate planning may soon become the new normal. Until then, a little knowledge may help stave off the looming specter of digital death.