Passing on the keys to your personal digital legacy can be problematic

Uncertainty over privacy and ownership rights can leave online data in legal limbo


When, in April 2007, American newsrooms first learned of a mass shooting at the Virginia Tech campus, journalists seeking information on the victims turned to the same rich source. From Facebook they found not only many of the dead students’ names but also their biographies, their photos and memorial messages already posted by their friends.

Facebook’s first instinct was to remove the victims’ pages. But after online protests and a letter-writing campaign by friends and families, the tech firm changed its stance and allowed the pages remain online, frozen indefinitely as virtual memorials. Facebook’s practice of “memorialising” users’ profiles after their death remains in place, but the origins of the policy reflect a wider, similarly improvised approach by social media companies to an emerging legal question: what happens to our online persona when we die?

Formidable obstacles

Whereas the bulk of one’s communications and files could previously have been easily bequeathed in battered shoe boxes, families trying to access a loved one’s virtually stored emails, photos and other digital belongings are likely to face formidable obstacles. “An inevitable part of computer-human interaction is that the people die,” says Damien McCallig, a PhD student in law at NUI Galway. “But nobody thinks about how to deal with it. That’s the flaw... We’re stumbling along, trying to figure out what is best.”

The value of a dead relative’s email or social media accounts is often mainly sentimental, but the stakes are often economic. Online gamers can amass significant online assets. A manuscript a great writer might leave behind in her Gmail account could be of huge value.

This poses novel and often complex legal questions that tech firms and governments are only beginning to grapple with. Can one bequeath passwords or login details? What rights of access do families enjoy? And should states amend their succession laws to take account of technological change?

Tech firms differ in their policies, but in general, says McCallig – a specialist on the topic – the trend is towards tightening access. The email service Yahoo! states in its terms that “your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate on your death”.

When Facebook memorialises a page, its content cannot be retrieved by bereaved families. Many firms point to privacy as one of their overriding concerns in limiting families’ access. But does a dead person have privacy rights?

“That’s one of the big conundrums,” says McCallig. “In general in common law countries, personal rights such as the right to privacy do not survive death.” In civil law jurisdictions, however, there is greater acceptance of what are known as personality rights, which in many cases can be transmitted to family members after death. So while the Data Protection Act in Ireland only relates to the living, 12 EU states provide some level of protection to data protection of the dead.

Case law on these issues is relatively scant, but as many bereaved families run up against tech firms’ rigid terms of service, the courts are often their only recourse.

Some succeed. But in September 2012, a British family were refused an order from the US District Court in the Northern District of California to compel Facebook to provide the contents of their deceased daughter’s account for use in an inquest in England.

The court did leave open the opportunity for the family to reach an agreement with Facebook for the voluntary release of the contents of the account, but this type of solution leaves a surviving family dependent on the goodwill or discretion of a service provider when dealing with an access request.


Five US states have attempted to address the issue of “digital legacies” through legislation recognising specific categories of online account as probate property. Connecticut and Rhode Island provide executors with access to, or copies of, the contents of email accounts; Indiana provides for the release of documents or information stored electronically to a personal representative of the deceased; and Oklahoma and Idaho give executors the power to control, conduct, continue or terminate social media and email accounts. Many other states are considering draft laws.

Ultimately, McCallig believes, the answer lies in service providers giving users the option to decide what they would like to happen to their accounts when they die. Just this month, Google became the first major tech firm to do just that, when it announced a new service to let people control what will happen to email, online posts and blogposts saved in its accounts. Called Inactive Account Manager, it lets users decide whether to trigger it if they haven’t logged in for three, six, nine or 12 months, and then either delete their data or send all or selected elements to a nominated person of their choice.

The implications of Google’s move are still being teased out, but it shows how tech firms are coming up with very different answers to the legacy conundrum. The law may have to catch up, says McCallig, “but ultimately, if the service providers dealt with it, it wouldn’t be a problem”.


If you want to ensure your online accounts are available to loved ones after your death, there are a few options – each with its own drawbacks.

Online “legacy firms” are commercial websites which, for a charge, store all your passwords and agree only to release them to a friend or family member of your choice when you have died. Many of these sites automatically send you an email at certain intervals. If they don’t receive a reply, the emails become more frequent – until a point arrives when the site assumes you have died and sends your passwords to the specified recipient.

A more practical solution than relying on a fee-charging intermediary is to give your passwords to someone you trust. However, you must be aware that sharing passwords is generally not acceptable under the terms of service of most providers. It could be a criminal offence. You could include your passwords in your will – this is done by one in 10 people in Britain, according to a 2011 survey – but this also breaches many providers’ terms of service – and, following probate, the will becomes a public document.

Finally, you could start asking your email or social media platform to create an option such as Google’s, or lobby your TD for a new law.

Sign In

Forgot Password?

Sign Up

The name that will appear beside your comments.

Have an account? Sign In

Forgot Password?

Please enter your email address so we can send you a link to reset your password.

Sign In or Sign Up

Thank you

You should receive instructions for resetting your password. When you have reset your password, you can Sign In.

Hello, .

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

Thank you for registering. Please check your email to verify your account.

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.