Passing on the keys to your personal digital legacy can be problematic

When, in April 2007, American newsrooms first learned of a mass shooting at the Virginia Tech campus, journalists seeking information on the victims turned to the same rich source. From Facebook they found not only many of the dead students' names but also their biographies, their photos and memorial messages already posted by their friends.

Facebook’s first instinct was to remove the victims’ pages. But after online protests and a letter-writing campaign by friends and families, the tech firm changed its stance and allowed the pages remain online, frozen indefinitely as virtual memorials. Facebook’s practice of “memorialising” users’ profiles after their death remains in place, but the origins of the policy reflect a wider, similarly improvised approach by social media companies to an emerging legal question: what happens to our online persona when we die?

Formidable obstacles

Whereas the bulk of one's communications and files could previously have been easily bequeathed in battered shoe boxes, families trying to access a loved one's virtually stored emails, photos and other digital belongings are likely to face formidable obstacles. "An inevitable part of computer-human interaction is that the people die," says Damien McCallig, a PhD student in law at NUI Galway. "But nobody thinks about how to deal with it. That's the flaw... We're stumbling along, trying to figure out what is best."

The value of a dead relative’s email or social media accounts is often mainly sentimental, but the stakes are often economic. Online gamers can amass significant online assets. A manuscript a great writer might leave behind in her Gmail account could be of huge value.

This poses novel and often complex legal questions that tech firms and governments are only beginning to grapple with. Can one bequeath passwords or login details? What rights of access do families enjoy? And should states amend their succession laws to take account of technological change?

Tech firms differ in their policies, but in general, says McCallig – a specialist on the topic – the trend is towards tightening access. The email service Yahoo! states in its terms that “your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate on your death”.

When Facebook memorialises a page, its content cannot be retrieved by bereaved families. Many firms point to privacy as one of their overriding concerns in limiting families’ access. But does a dead person have privacy rights?

“That’s one of the big conundrums,” says McCallig. “In general in common law countries, personal rights such as the right to privacy do not survive death.” In civil law jurisdictions, however, there is greater acceptance of what are known as personality rights, which in many cases can be transmitted to family members after death. So while the Data Protection Act in Ireland only relates to the living, 12 EU states provide some level of protection to data protection of the dead.

Case law on these issues is relatively scant, but as many bereaved families run up against tech firms’ rigid terms of service, the courts are often their only recourse.

Some succeed. But in September 2012, a British family were refused an order from the US District Court in the Northern District of California to compel Facebook to provide the contents of their deceased daughter's account for use in an inquest in England.

The court did leave open the opportunity for the family to reach an agreement with Facebook for the voluntary release of the contents of the account, but this type of solution leaves a surviving family dependent on the goodwill or discretion of a service provider when dealing with an access request.

Legislation

Five US states have attempted to address the issue of "digital legacies" through legislation recognising specific categories of online account as probate property. Connecticut and Rhode Island provide executors with access to, or copies of, the contents of email accounts; Indiana provides for the release of documents or information stored electronically to a personal representative of the deceased; and Oklahoma and Idaho give executors the power to control, conduct, continue or terminate social media and email accounts. Many other states are considering draft laws.

Ultimately, McCallig believes, the answer lies in service providers giving users the option to decide what they would like to happen to their accounts when they die. Just this month, Google became the first major tech firm to do just that, when it announced a new service to let people control what will happen to email, online posts and blogposts saved in its accounts. Called Inactive Account Manager, it lets users decide whether to trigger it if they haven't logged in for three, six, nine or 12 months, and then either delete their data or send all or selected elements to a nominated person of their choice.

The implications of Google’s move are still being teased out, but it shows how tech firms are coming up with very different answers to the legacy conundrum. The law may have to catch up, says McCallig, “but ultimately, if the service providers dealt with it, it wouldn’t be a problem”.

LEAVING AN ONLINE LEGACY: OPTIONS AVAILABLE

If you want to ensure your online accounts are available to loved ones after your death, there are a few options – each with its own drawbacks.

Online “legacy firms” are commercial websites which, for a charge, store all your passwords and agree only to release them to a friend or family member of your choice when you have died. Many of these sites automatically send you an email at certain intervals. If they don’t receive a reply, the emails become more frequent – until a point arrives when the site assumes you have died and sends your passwords to the specified recipient.

A more practical solution than relying on a fee-charging intermediary is to give your passwords to someone you trust. However, you must be aware that sharing passwords is generally not acceptable under the terms of service of most providers. It could be a criminal offence. You could include your passwords in your will – this is done by one in 10 people in Britain, according to a 2011 survey – but this also breaches many providers’ terms of service – and, following probate, the will becomes a public document.

Finally, you could start asking your email or social media platform to create an option such as Google’s, or lobby your TD for a new law.