Respresentative Image NEW DELHI: In a landmark ruling when it comes to post-death digital rights , Germany’s highest court has told Facebook to grant a grieving mother access to her late daughter’s account. Citing data protection laws, Facebook had earlier refused to allow the woman access to the profile […]
A couple of recent cases suggest that we could be on the cusp of intestacy and privacy laws stepping in to help assert control over your digital footprint after death, writes Amy Bradbury
In the UK there is no specific legal framework for dealing with digital assets on death and, given we usually don’t own social media profiles (all we have is a licence to use the platform in question), it tends to be the website’s own terms which govern the position.
Some sites have policies in place for when a user dies. Twitter will work with a person authorised to act on behalf of the Estate or with a verified immediate family member of the deceased to have an account deactivated, and both Facebook and Instagram will ‘memorialise’ accounts. Facebook also allows a user to either appoint a ‘legacy contact’ to look after a memorialised account or have the account permanently deleted. However, it remains extremely difficult to get permission to log in to the deceased’s account, see messages or remove or change posts.
This was highlighted by a recent German case. It has been widely reported that Germany’s highest court has ruled that heirs in Germany have the right to access the Facebook accounts of their deceased relatives as a social media contract can be inherited in the same way as documents such as letters. The decision comes after a long battle by the parents of a 15 year old girl to access her profile, including posts and private messages, to try to find clues about whether her death was an accident or suicide. Despite having the account password, Facebook had refused access citing data protection laws and the privacy of third parties. Hailed as a landmark decision, the judgment purportedly sets aside these concerns and takes a step towards putting digital assets on the same footing as physical assets in Germany.
Separately, in the case of Sabados v Facebook Ireland Ltd the English Court required Facebook to hand over certain information to a bereaved partner. Ms Sabados brought an application against Facebook following the deletion of her deceased’s partner’s account at the request of an unknown individual. The judge ruled that Facebook had to provide details of who made the deletion request which, at the time, was unbeknown to the deceased’s family and friends. The application was brought prior to proceedings. Although currently somewhat unclear, it appears Ms Sabados may wish to assert claims relating to misuse of private information at a later date.
In this vein, a recent claim against The Sun has highlighted that publishers may now more readily accept that privacy rights subsist after death. An invasion of privacy claim was issued following the publication of topless photos of a woman in a revenge porn case. The case was settled without admission of liability but the recognition that a privacy claim can be brought after death is significant.
These cases highlight some of the knotty issues and the need for the Courts to step in. At a legislative and regulatory level, little attention has been given to what happens to data and privacy rights on death. Indeed, whilst the introduction of the General Data Protection Regulation (GDPR) in May has signified the increased importance of protecting the data of the living, it does not apply to the deceased.
There has been call for change. For example, the Information Law and Policy Centre, a research centre within the Institute for Advanced Legal Studies at the University of London has specifically identified the issue in its response to the House of Lords Select Committee on Communications’ call for evidence in its consultation on ‘The Internet: To Regulate or Not to Regulate’.
In the meantime, individuals would be wise to take certain practical steps to protect their digital legacy on death by: creating an inventory of digital assets; keeping passwords in a password manager or digital inheritance account; appointing someone to deal with digital assets on death and ensuring that social media account settings have been amended to in accordance with an individual’s wishes where options for memorialisation are available.
A GHOST tour in Edinburgh was where I first discovered the morbid truth about why Victorian headstones often had bells attached.
Buried by mistake? Ring urgently for service.
We’ve come a long way since then, and thanks to modern medicine can be certain when someone’s been ‘called home’ before doing the needful.
If you’re squirming a bit in your seat at the thought, it’s natural. The D word is nobody’s favourite and talking about it is the biggest slap in the face to any healthy dose of self-denial about what’s at the ‘end of the line’.
Anyway, let’s say you are doing a bit of planning and you’ve sorted out what to wear, who to invite and all that, then as a child of the Digital Age you must also put on your ‘to do’ list who can access your social media accounts and other digital assets when you’re gone.
Apparently it’s a bit of a grey area in legal circles and they want to do something about it.
At the helm is the NSW Law Reform Commission which his reviewing laws affecting life beyond your digital death.
Initially they’ve called for submissions from the legal profession and later in the year the public can throw in their two cents worth (and for those born after 1992, when the two-cent coin was demonetised, it means your opinion).
When making the review public, Attorney General Mark Speakman said: “In today’s hyper-connected world, an unprecedented amount of work and socialising occurs online, yet few of us consider what happens to our digital assets once we’re gone or are no longer able to make decisions.
“This is leading to confusion and complexity as family, friends and lawyers are left to untangle digital asset ownership issues, applying laws that were developed long before the arrival of email, blogs, social media and cryptocurrency.”
What the LRC is more worried about is who can access your digital stuff, but although it’s inappropriate to laugh at a time like this, this quote from Speakman was just a little bit ironic.
He said: “When a loved one passes away, bureaucratic hurdles and legal uncertainty are the last thing families and friends feel like confronting, so we need clear and fair laws to deal with these 21st Century problems.”
Bureaucratic hurdles and legal uncertainty are what families and friends are confronted with when a loved one passes away.
I suppose we’ve really only got ourselves to blame, being the most connected of all countries in the world. So, the review will focus on NSW, Commonwealth and international laws, including those relating to intellectual property, privacy, contract, crime, estate administration, wills, succession and assisted-decision making.
The LRC will scrutinise (their words, sounds expensive) the policies and terms of service agreements of social media companies and other digital service providers.
Facebook is at a bit of an advantage here already, having had lots of experience in this area.
On a more serious note, social media companies do handle sites of the deceased differently, from memorialising them to simply shutting them down.
Having a say in what you’d like to happen, particularly given there can be a story of a whole life recorded there, is important.
If you haven’t made arrangements for anyone to take control of your sites or access private emails, the LRC is considering whether additional privacy protections are needed.
The issue of ownership of digital assets upon death cuts across many different areas of law which is why it’s not clear and fair but complicated.
Here I was thinking I’d just leave a list of my 70,000 passwords for someone else to troll through my social media, blogs and websites if they could actually be bothered.
But really, who could forgo the opportunity to plan ahead by scheduling posts and memes to appear long after I’m gone, saying things like ‘I can see what you’re doing’ or ‘There is no Planet-B’.
Visit www.lawreform.justice.nsw.gov.au to read more.
At some stage in most people’s lives they will consider what will happen to their personal property after their death.
Wills and testaments are filled with references to houses, money and family heirlooms, but most have never considered what will happen to their digital property when they die.
New South Wales is shining a spotlight on the issue, becoming the first Australian jurisdiction to investigate whether new laws are needed to clear up who can access data after death.
NSW Attorney-General Mark Speakman has referred the matter to the state’s Law Reform Commission.
“Not many of us think about what happens to our digital assets once we’ve gone or once we can’t make decisions anymore,” he said.
“The last thing that bereaved families want are bureaucratic hurdles and legal uncertainty.
“The Law Reform Commission will look at whether our laws are clear and fair enough to make sure people have some certainty over what will happen to their digital assets when they die.”
What are digital assets?
Digital assets is a broad term that refers to anything from intellectual property, private emails, digital music libraries and social media accounts.
But while most Australians use the internet every day, trustees and beneficiaries can still encounter problems with accessing the data of a deceased person.
“We’re the first Australian jurisdiction to be looking at these issues,” Mr Speakman said.
“There are some states in the United States that have a uniform code at the moment and we’ll be looking at whether those provisions should be replicated in New South Wales.”
The move has been welcomed by legal experts, with calls for reform in the area becoming louder in recent years.
‘Things just drift off into the ether’
Nexus Law Group’s Michael Perkins is a specialist in succession planning and said the NSW Government’s decision was timely.
“With the rising tide of the internet, the online economy and digital devices, the significance of digital data to day-to-day Australians is rapidly escalating,” he said.
“For many people these things just drift off into the ether and Facebook is littered with closed accounts of people who have died that are turned into tombstones.”
Mr Perkins said Australians concerned about what will happened to their digital assets should talk through their concerns with a legal expert.
“In dealing with digital assets, we’re dealing with a global community and a global economy,” he said.
“So the best way to deal with it is to engage in the international trends and make sure NSW properly engages with this very serious and current global issue.”
The Law Reform Commission will report back to the Government with its recommendations, with the review process expected to take between 12 and 18 months.
This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. On Dec. 6, Future Tense will hold a happy hour event in Washington about planning your digital afterlife. For more information and to RSVP, visit the New America website.
Imagine that your beloved brother had just been killed in a car accident, leaving behind not just a grieving (and angry) family, but also dozens of internet accounts, ranging from his Facebook page to his Gmail accounts to his business records. You’ve gone to court, and you’ve received legal authority to clean up your brother’s estate. What rights does that give you to manage his online accounts?
There is, alas, no one right answer. What you can do depends on what actions your brother took before his death, what the online accounts themselves permit, and the laws of the state where your brother lived.
In the past, after a person became incapacitated or died, the legally recognized fiduciary (someone given the power to act on behalf of another) would go to the home of the person who had died and look for paper records of bank accounts, stock holdings, bills to be paid, and business transactions. During that process, they would find old love letters, dirty laundry, and anything else left behind. Laws are clear that this fiduciary has management rights and must act in the best interests of the person who has died.
Today’s world is different. Many of us have chosen to go paperless, so all of our financial statements are delivered electronically; we even file digital tax returns. Our love letters may no longer be written in ink on paper, our reading and listening and viewing interests no longer documented by hardcover books and magazines, record albums, and VCR tapes, and our photos no longer stored in boxes under out beds. In 2013, McAfee released a survey that suggested that on average, we value our digital assets—what we have created, communicated, sent, received, or stored through electronic means—at about $35,000. These assets range from a potentially lucrative domain name to all of those photos we store in the cloud. (In the McAfee survey, the average respondent said that digital “personal memories” were worth about $17,000.)
Collecting all of those records today often begins with accessing the person’s computer, rather than physical file cabinets. You might think then, that your first step should involve accessing your brother’s computer.
But federal and state laws protect against unauthorized access to computers and internet accounts, and internet service providers may prohibit sharing access to data with anyone else through their terms of service agreements, or TOSAs. To protect our privacy on the web, Congress enacted the Stored Communications Act in 1986 (when Mark Zuckerberg was 2 years old) as part of the Electronic Communications Privacy Act. The law prohibits certain providers of public communications services from disclosing the “contents” of our electronic communications without legal authorization, such as a search warrant—or your brother’s permission. (“Contents” includes what is contained in our email messages, although it doesn’t include the user’s name or address, or the date and time the message was sent.) So, even if you have access to your brother’s username and password, it may be a crime to use them. And then there are those TOSAs, the conditions you click through (and most people don’t read) in order to sign up for an internet account. And the TOSAs for many sites warn you against revealing your password. According to Facebook’s Statement of Rights and Responsibilities, you agree that “You will not share your password.” OK, you probably won’t be prosecuted if you use your dead brother’s password to get into his Facebook account—but it is definitely not a risk worth taking.
Some sites have added options to let us plan for management of our accounts when we are no longer able to do so, and maybe your brother took advantage of these services. Facebook now allows you to designate a “Legacy Contact.” Here’s the official explanation:
Once someone lets us know that a person has passed away, we will memorialize the account and the legacy contact will be able to:
– Write a post to display at the top of the memorialized Timeline (for example, to announce a memorial service or share a special message)
– Respond to new friend requests from family members and friends who were not yet connected on Facebook
Similarly, Google offers an Inactive Account Manager. Google users can provide information about a trusted contact who will have access to various Google accounts once the primary user has been inactive for a set period of time. The Google user can specify the period of inactivity before notification is sent and can also indicate to which accounts the trusted contact will have access. Or, if you’d rather not share those accounts, then you can ask Google to delete your account after you go a set amount of time without logging in.
But what if your brother hasn’t designated a Legacy Contact or an Inactive Account Manager? And what about all of those other internet accounts?
Enter the Uniform Fiduciary Access to Digital Assets Act, Revised, which was first proposed in 2015. It is now in effect in more than two-thirds of the states, and it attempts to solve problems with access. RUFADAA allows a fiduciary to manage much of a decedent’s digital property, giving access to many things other than the content of electronic communications (unless this access has been limited by the user or by a court order) and even permitting access to content in certain limited situations.
RUFADAA sets out a four-tiered system of priorities:
- If the internet company provides its own digital tool that is distinct from the general terms of service and through which the account holder has named another person to have access to the user’s digital assets or to direct that the company delete the user’s digital assets (think of Facebook’s Legacy Contact option), then these online instructions control the fiduciary’s access.
- If the internet company didn’t provide this option, or if the account holder didn’t use the tool, then the person can use a will, trust, or another writing to set out what should happen to the digital assets.
- If the user has not provided any direction, either online or through estate planning, then the TOSA for the account controls just what the fiduciary can access.
- However, many of these agreements don’t say what happens when the user dies. If there’s nothing else, then RUFADAA can allow the fiduciary access to digital material other than the content of certain electronic communications. So you would be able to go into your brother’s account to find email addresses, for instance, or to look for the date and time that he sent an important email before he died. But you couldn’t look at what the email itself said (or even the subject line, technically).
The website Everplans offers some helpful advice on how to manage email accounts. But hopefully learning about these problems will make you want to take control of this issue before you are too ill (or too dead) to use your computer. Here are a few concrete steps for you to consider.
First, take stock of your own online universe. Make sure you have an inventory of your digital assets, including all accounts and passwords. And be careful about revealing that information to anyone else not just because you are concerned about your privacy and hacking, but also because it might be illegal for someone else to use your password, even with your consent, if the site’s terms of service prevent password sharing. Luckily, online services can help you keep track.
Second, take advantage of the online management tools currently available and sign up for them. If you haven’t yet activated Google’s Inactive Account Manager or set up your Facebook Legacy Contact, it’s time to do so.
Third, consider drafting some estate planning documents to cover your digital assets. Think about whom you would want to serve as a fiduciary who would get access to your online accounts, and think about how much access you want to give that person. There are samples online, including those from the Digital Beyond and Everplans.
It may be a little tedious and a little macabre—no one likes to think about death. And, of course, this is not legal advice. But you’ll be doing your family and friends an enormous favor if you do a little digital estate planning now.
You depend on Slate for sharp, distinctive coverage of the latest developments in politics and culture. Now we need to ask for your support.
Our work is more urgent than ever and is reaching more readers—but online advertising revenues don’t fully cover our costs, and we don’t have print subscribers to help keep us afloat. So we need your help.
If you think Slate’s work matters, become a Slate Plus member. You’ll get exclusive members-only content and a suite of great benefits—and you’ll help secure Slate’s future.