One of China’s largest video-sharing and livestreaming platforms is taking a lead in ensuring the digital legacy of users who have passed away by memorializing their accounts. In a statement Thursday, Bilibili said that the company wanted to “protect and commemorate” users who are no longer alive through their […]
No one wants to think about their death, but it’s a fact of life. If you live a long life if it’s tragically cut short, at some point you will no longer be around.
Unlike previous generations, most people alive today will leave behind a digital legacy, mobile phone contacts and social media accounts to digital online photos.
Without proper planning, that legacy might end up causing more distress to your loved ones, with inaccessible social media pages, no control over comments being left, and possibly lost treasured memories.
Jump to…
The Data You Leave Behind
More and more of our life is being stored digitally; photos on our phones being backed up to cloud services and sorted into online digital albums, documents being stored online, address books and contact information in our phones and social media holding details of conversations with our friends and family.
While we’re alive and have full access to our memory and our devices, the security that is used to keep hackers out of these online services (mostly) does exactly what it is meant to. We can access the content freely and easily, others can not.
But what happens if you pass away or suffer a life changing incident that means you can’t access your data again? Do you want your loved ones struggling to get access to your online accounts when you can’t?
Data Law
The General Data Protection Regulation state that the GDPR only applies to you while you’re alive. Once you’ve died, personal information is no longer protected, and it’s up to each country to decide how that data should be treated.
This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased personsGeneral Data Protection Regulation
The UK’s data law, the Data Protection Act 2018, does not make any provisions for data belonging to a deceased individual either.
Personal Information is any information relating to an identified or identifiable living individualData Protection Act 2018
It’s obviously not quite that clear cut. While your online photos will generally not affect other individuals privacy, granting access to a deceased person’s social media account means you are granting access to personal information of any contacts the deceased was connected to, and this could potentially breach the GDPR.
Until the UK Law deals with the issue of data ownership and access rights after death, it’s prudent to make your own provisions to ensure you have a say to what happens to your data after you die.
Where There’s A Will
You might not think about making a will, you might consider your assets and affairs don’t require one, but making a will and leaving an associated letter of wishes should be something you do regardless of your situation.
In your will you should include you wishes to grant various people access to your social media and other digital accounts (banking, cryptocurrency, household utilities etc) but leave the details of how to access the accounts in an associated Letter Of Wishes, this can be more easily updated if/when you change your logon credentials for example.
In the letter of wishes you can include details of the location of a secure password vault, and the means to access it. You can also put other various pieces of information; who should (and should not) be notified of your death, information on how you want your trustees to manage your estate, how you want guardians to bring up your children and so on.
Password Management Services
Keeping an online, up-to-date password vault means that you can pass on the login details for your accounts and services after you die or otherwise become unable to access them. It’s also the absolute best way to make sure every password you use is unique and very complex – you don’t need to remember them, the vault does that for you. We wrote a post on this here: Do you want to know more?
Using a service like LastPass is good for basic user account information, the data is stored on the LastPass servers. Another similar service is 1Password which stores your data in an online encrypted store.
KeePass is another password vault, but unlike LastPass and 1Password, you can store different types of information and add comprehensive notes and attachments. KeePass data is saved in a standalone database, so can be saved into various online and offline locations (you can use synchronisation plugins to keep them all up-to-date) The database is encrypted with a master key.
These services can be integrated into your browser and smartphone, meaning they can automatically fill in user credentials on websites and apps, a great way to make sure you use complex unique passwords for every service, and only have to remember one password!
There are other password storage services, like the ones built into your browser or smartphone such as Chrome’s password manager that syncs across your google account. They all have their own storage solutions and uses, but are typically not as encompassing and manageable as dedicated third party services, or may not have the same level of security, putting your account passwords at risk.
Access To Your Accounts
You should leave enough information so that your know loved ones will be able to access your password vault.
If you’re using an online service like LastPass, they’ll need to know the name of the service and the logon information.
If you’re using an offline service like KeePass, they’ll need to know the name of the service, the location of the database file and the logon credentials for the database.
Don’t leave the credentials in plain text for obvious reasons, instead make the credentials sufficiently complex, but easy enough for your family to work it out. (and don’t forget to update the details if you later change them)
You can leave the access details in your Letter Of Wishes with your will, and/or on a memorialised system like the Google email service (see below) that will send a message automatically on your behalf.
So the clue you leave might be “username is my nickname then an underscore and the year we first met” (obviously make sure you get the year right for many reasons!) and for the password “Password format is 9999%AA99aaa%Axxxxx and is the last four digits of my mobile phone number, the email sign, my first car registration number (matching the case), the star sign and the first word from the title of my favourite film“
This should be sufficient to allow your family to be able to find and access your password store, from there they can log into your accounts and carry out any additional wishes you may have made.
Memorialised Account
Quite a few online services have considered what should be done with your online digital data once you are no longer able to manage it yourself. Some will simply freeze the account and put restrictions in place, others allow you to pre-configure actions.
We particularly like the Gmail way of configuring an account that’s not logged into for so many days, particularly the email facility. Combined with an encrypted attachment, this could be a secure way of passing on your account credentials if you are no longer able to access the information.
Facebook have a facility to memorialise and account if the account holder passes away. This locks the account down but keeps it visible so friends can family can share memories to it.
It’s a good idea to add a legacy contact to your account, this is someone who can manage your account once it’s been memorialised. A legacy contact can put a pinned post on your memorialised profile page, manage and delete tribute posts, see posts that your account is tagged in, respond to friend requests and generally manage your account. They can see all your posts (even ones set to private) but won’t be able to read your facebook instant messages.
To add a legacy contact, go into your Facebook settings, click EDIT next to Memorialization Settings and then type in a friends name and click ADD. Here you can also set if your legacy contact can download a copy of your Facebook data once your account is memorialised, and request that Facebook delete your account rather than memorialise it.
A memorialised account has ‘Remembering…’ in front of the owners name. It can still be tagged in posts and photos, and content you created will remain on Facebook unless the account is deleted. If you were the admin of a page on Facebook, that page will be deleted once your account is memorialised.
Once an account is memorialised it can not be logged into, even if your family have your login details. If you have not appointed a legacy contact, your account will not be able to be changed in any way.
To notify Facebook that a user has passed away, and change the account to a memorialised one, a friend or family member needs to contact Facebook via the memorialisation request page and send a copy of the death certificate.
If you are an immediate family member, you can request the account be removed rather than memorialised. To do this you need to send Facebook proof of your relationship to the account owner.
People with Google accounts can use the Inactive Account (IAM) Manager to determine what should be done if they can no longer access their account. This needs to be setup in advance so Google knows what your wishes are.
If the IAM is not setup, immediate family members can submit a request to Google to close a deceased person’s account, obtain information from their account and request a return of any funds in their account.
Inactive Account Manager
The Inactive Account Manager can be configured to manage your Google data if you can’t log into your account.
You can choose how long your account needs to be inactive (inactivity is determined by a combination of last sign-in, activity listed on your Google Activity log and logins from Gmail and Android) before the Inactive Account Manager takes over.
Once the Inactive Account Manager takes over, the first thing you can set it to do is send an email and text message to you to check you’re not available. If there is no response to these communications, the Inactive Account Manager will then carry out your instructions.
This can include an automated email from your gmail account. You can email upto 10 people and you can grant them access to various Google services, such as your photos store, contacts, Google Drive, Hangouts, Maps, My Business and so on (see the Google Dashboard below) Google allows you to add the recipient’s phone number for verification before they can access your data, and you can add a personal message which will be sent to the recipient.
This is a great opportunity to include the details of your password vault, but make sure you keep it up to date if you change the service, location or credentials.
You can also configure an automated reply if you use your Gmail account, informing anyone who emails you, that you are no longer using this account.
Finally you can instruct Google to delete your account and all your data after three months.
“It’s something that many of us avoid thinking about and that’s why 2016 Best Will Week (31st October 2016 – 4th November 2016) from mylegacy.ie is such a great idea. With so many solicitors around the country signed up to help the public prepare their wills and offer advice on possible charity legacy bequests, it’s a good time to make an appointment to get the job done. However, there’s something new for us to consider in 2016.
Regardless of age, we’re living online more than ever before. And that’s why we really need to think about what’s called our Digital Assets when preparing our will. Otherwise, living on digitally is a real prospect if not properly managed. The concern about a Digital Afterlife is one we’re hearing more and more about from clients at both our city centre and in Stillorgan office” That’s according to Eileen O’Gorman, apartner with long established Dublin law firms Gleeson, McGrath Baldwin (www.gmgb.ie)
In a digital world where your Facebook page may be memorialised and your music collection caught in a cloud, have you considered your digital assets? Exactly what are they, where they are located and who can access them once you depart this world?
Also, how much can you exercise control of your social media content from the grave? And where do you begin?
Eileen O’Gorman offers several practical pieces of advice:
The starting point (as with all issues that affect your online activity) is to read the terms and conditions – especially those of your favourite social media platforms
To ensure your digital legacy, convert digital assets to physical assets.
Identify if you have the right to pass on these Digital Assets at all or are they likely to be as intangible as your post mortem spirit?
1. Terms and Conditions
Some providers have developed hands on management tools such as Googles plan for your digital life after death and Facebook’s memorialisation feature. Did you know that following a few simple steps you can appoint alegacy contact through this Facebook feature to give a trusted party the ability to select certain data for archive, memorialise or terminate your account?
Some accounts however will be automatically terminated as a result of inactive use and where this happens you need to consider if there is content you may want someone to have.
Whether you want to terminate your online existence on death or use a platform like LivesOn so that “When your heart stops beating you keep tweeting”, you need to consider these assets and the terms of service that govern their location and access to them.
Sites like DeadSocial provide a platform whereby messages can be created and saved for publication to your Facebook or Twitter profiles after death. LivesOn uses artificial intelligence algorithms to keep your tweets coming from beyond the grave. If you don’t want to maintain a ghostly presence on your social media you may think that all this will no longer concern you. Butthink again. But You may not want to actively provide post mortem social media content but your social media presence does not automatically terminate on death. To the contrary, many of your accounts and profiles may remain very much alive and subject to abuse in the absence of your or someone else’s custodianship.
2. To ensure your digital legacy, convert digital assets to physical assets.
This can be done by downloading items and content to a physical device, which can then be passed on. Just make sure it is not password protected and if it is that you’ve left the password also. We would never encourage downloading digital assets in breach of a licence for use. There is a handy feature on Facebook to download your Facebook content. I regularly update my iCloud content and download it onto a terabit external hard drive to ensure my photographs, videos and other mementos are available for my family and friends in the future.
There have been cases, mostly in sad and tragic circumstances where the next of Kin have sued for access to a deceased emails or social media content. While service providers face big data protection and privacy issues when presented with such requests they are also faced with a moral and ethical dilemma. You may not want the content of these accounts to be made available to any third party no matter the circumstances or you may wish to have an option to preserve your digital assets or indeed bequeath it.
3. But do you have the right to pass on these Digital Assets at all or are they as intangible as your post mortem spirit?
With regards to online digital assets it is important to understand whether death is dealt with in terms and conditions of use but it is equally important to consider whether items you pay money for or acquire are actually purchased or merely licenced for personal use. Certain digital books, music and other items are licensed for use only and there are several legal restrictions on the transferability of such licences. Therefore, passing on digital assets may not seem as easy as you think.
For example, if you buy a CD then you have a tangible physical asset that you can gift during your life or bequeath on death. You may buy a music download but this does not give you the same rights as you get by buying the CD (unless of course you take further steps, which may not be legal or within the terms of your licence for use). A download is generally the purchase of a licence to listen, read or watch and that licence will always come with restrictions against, rental, lending or sharing and in many circumstances the licence will terminate on death.
Your log in and passwords are personal to you, will not be freely divulged to a third party (even if you have bequeathed the content to which they apply) and in some terms of service sharing your login and password are a breach of the terms of use and will result in termination of the contract. Therefore, while many such digital assets will be lost in the cloud many are simply not freely available for your next of kin under terms of the licence.
Eileen O’Gorman added: “It’s predicted that by 2020 the average person be it a digital native or digital immigrant and will subscribe to about 200 online accounts. That’s why we advise clients to not forget the digital dimension and manage it effectively.”
Although this is a post about digital death, it is not meant to be morose or anything. I just occasionally think of this problem, and while discussing it privately with Jim Groom (co-founder of Reclaim Hosting) recently, I thought it might be worth asking other academics what they are thinking of doing about this. My two questions are:
What happens to a person’s website on their own domain when they die? (currently – it basically dies)
What happens to a person’s digital purchases (Kindle, Audible, iTunes, etc) when they die? (currently, they go back to Amazon/Apple)
The first question might seem an arrogant one to ask – how important is my blog anyway? But I also think about a lot of other academics whose blogs I value, and whose blogs I occasionally cite in peer-reviewed articles of mine. If their blog or website is on, say, wordpress.com, their website will live on as long as wordpress.com exists; if they write in a journal/magazine, their content will probably outlive them; however, if it is on their own domain, this means their website/blog will only live as long as they keep renewing the hosting and domain name. This could end within their lifetime (e.g. not being able to use a credit card for some reason), but will almost definitely happen after they die. At the moment, this is something some of us are thinking about, but I have not yet heard a solution to it. What could one do? Leave a small fund for our heirs to pay to renew the hosting? Pay someone like Reclaim Hosting in advance for a few years? Convert our website into a PDF and pay to host it somewhere safe? Like maybe our university’s repository (if they value our blogging as much as our peer-reviewed writing)? What about non-academics? And no, the Way Back Machine is not really a full solution to this problem, because, as I understand it, it saves webpages not entire websites.
The second question is probably one that more people should be concerned about. I have books that my grandfather had left my father. My child currently reads books that were mine as a child. What happens to all my Kindle books after I’m gone? I pay so much money for Kindle books, and yet the only obvious way to pass those on to someone else is to either give them my phone/iPad (already logged onto Kindle and has access to the cloud) or give them my Amazon.com password – but those don’t seem like good solutions – hardware has a limited lifespan, and the password solution? Imagine accumulating all those passwords from generations of relatives. And what about if I wanted to give my academic books to a colleague and the children’s books to my child? I’m also thinking about my iTunes library. I lived through the time of seeing my parents’ vinyl records (useless by the time I was born), audio and video cassettes (nearly useless by the time I finished college) and CDs/DVDs (still in use, but much less so than downloadable purchases). I recognize that media and hardware change constantly and that even if we pass music/video onto future generations, formats may become obsolete. The paper on physical books becomes yellow and fragile but you can take care of books and we know they can last. Cassettes or such can be digitized. But DRM material? At the moment, there is no easy legal way to pass this stuff on. These are apparently questions others have asked – I found a Wikipedia page on digital inheritance, with references you may want to check out. It seems like a waste of money to buy a Kindle book if no one will be able to read it other than me (side note: lending is allowed for some books; maybe inheritance can be managed the same way).
What is ironic in all of this, is that what does remain after you die are your Facebook, Twitter and LinkedIn profiles. Because… yeah… those spaces representing your identity actually belong to Facebook, Twitter and LinkedIn, rather than you.
As many people spend more and more of their lives online, preparing for what happens to your digital assets after death is becoming increasingly important, lawyers say.
According to Dan Nelson, a partner at Civis Law LLP, your digital legacy can be valuable on an “emotional,” “reputational” and even “financial” level.
“It’s the obvious things, your Facebook, your Twitter, your blog,” he said. “And it’s much more detailed things. It might be your online gambling account. It could be something embarrassing like your Ashley Madison account. Or it could be your World of Warcraft account.”
A woman uses a laptop (Flickr/ Alli Worthington)Dan Nelson, a partner at Civis Law LLP, speaks about leaving online accounts behind after death.
Often, Nelson said, account providers will shut down accounts after they learn that the owner is deceased.
But this could lock loved ones out of troves of meaningful photos, blog posts or even lucrative online holdings.
Because of this, Nelson encourages social media users to consider working their digital assets into their wills.
“We certainly want to include language in the will to empower executors to extract this digital data,” he said.
However, Nelson warned not to include passwords in wills, as that could void your agreement with the account provider.
“We have providers who say ‘if you sign up for our account, it’s our account,'” he said. “You are prohibited from sharing that password and if they catch you, it’s grounds to terminate the account.”