Federal, State Laws Needed To Address Access to Deceased Individuals' Online Communications
With everything from wedding photos to videos of a child’s first steps to banking information online, individuals need to designate what they would like to happen to their digital assets after they die, experts said. Although some online companies like Google and Facebook have created tools that allow individuals to share what they would like to happen to their data and who can access their accounts after their passing, not every user has made a plan. When a plan isn’t in place, it’s against the Electronic Communications Privacy Act (ECPA) for an online service provider to share information. (Editors' note: In this story we describe digital decedent problems. Part 2 will be about Internet companies' efforts to address the situation.)
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
When Congress passed ECPA in 1986, the goal was to protect the privacy of emails and other electronic communications, said NetChoice Policy Counsel Carl Szabo. Title 18 U.S. Code 2702 allows service providers storing electronic communications to disclose information only if the company has the lawful consent of either the sender or recipient, Szabo said. If an individual were to die without telling Google what the person wanted to happen to his or her Gmail, Google can’t just turn over the information, Szabo said.
Any kind of private communication including the body and subject line of an email, a text or a chat message, remains private unless an individual grants another access to that content, said a spokesman for the Uniform Law Commission, a nonprofit dedicated to uniformity of state laws. Files stored in an iCloud or DropBox aren't protected by privacy laws, meaning a fiduciary would have access unless an individual forbade others to access an account or made it a private account, the spokesman said. Most people don’t make plans for their digital assets, so there's a need for a default rule, he said.
The Privacy Expectation Afterlife and Choices Act, or PEAC Act, is one solution proposed by NetChoice. The law would allow authorized fiduciaries to access select contents of accounts, like the “To” and “From” lines of an email so the fiduciary knows which bank or organization may need to be contacted to close an account. Fiduciaries wouldn’t be allowed to see the content of any emails or text messages unless they had authority to do so from the deceased. “Electronic communications are wildly different from a box of letters,” and are treated more like a phone call than a handwritten letter, Szabo said. The PEAC Act was created with input from groups including the American Civil Liberties Union, Electronic Frontier Foundation, Center for Democracy & Technology and Consumer Action, Szabo said.
The ULC proposed the Uniform Fiduciary Access to Digital Assets Act. UFADAA says unless an account holder says otherwise, a legally appointed fiduciary will have the same access to digital assets as tangible assets and must comply with the account holder’s instructions. Groups like NetChoice and CDT originally opposed UFADAA, citing privacy concerns. In July, the ULC updated UFADAA making it more similar to the PEAC Act, and groups like NetChoice now support UFADAA, Szabo said.
The industry is “creating user choice mechanisms to help fiduciaries find an account or money,” Szabo said. The goal with PEAC Act and UFADAA is to create a default law that says once a fiduciary can prove an account belongs to a deceased individual, the fiduciary can obtain access to communication records, Szabo said. In July, the ULC updated the UFADAA law in a way that better resembles the PEAC Act, allowing groups like NetChoice that once opposed UFADAA to now support the law, he said.
ECPA should be updated and states should pass laws, preferably one uniformed law, to address what's considered a digital asset and what kind of access an individual’s family has to the assets, said the ULC spokesman. Once state legislatures begin to pass the PEAC Act and UFADAA, there will be some relief provided to those who are trying to access assets of a deceased relative or friend, Szabo said.
Best Practices
Experts' recommendations can point up some best practices surrounding digital decedent issues.
Each company has its own rules when it comes to dealing with digital assets, said end-of-life planning company Everplans’ Editorial Director Gene Newman. When dealing with death, people don’t want to go from company to company to obtain access to an account, he said. People don’t often think about how many digital assets they have, Newman said. But if the account, such as an Uber account, isn’t closed, an identity thief may impersonate a deceased individual and charge rides to the deceased’s account, he said. Szabo disagreed, saying an account is more likely to be hacked while an individual is alive via an email phishing scam.
Gray Plant’s James Lamm was one of the first estate planning attorneys to consider digital assets. Digital assets like emails, Facebook posts or Flickr photos don’t necessarily have any financial value, it’s more sentimental or an administrative convenience to access these accounts after an individual dies, Lamm said. But some digital assets, such as digital currencies, have financial value. If individual owned Bitcoins but didn’t give instructions for digital wallet location or password, that money is unrecoverable, Lamm said. The differs from a local bank where a fiduciary could obtain a court order to require a bank to turn over the money to next of kin of the deceased, he said. Other digital assets with financial value include domain names, valuable blogs, websites and content created by writers, photographers and musicians that may be saved on a hard drive or in the cloud, Lamm said.
Instructions for something as simple as how to unlock a tablet or phone can be very helpful after a person dies, Newman said. So many services and accounts -- bank accounts, credit card statements and online investments -- are online that no one thought would be online, he said. The one person who can share how to get into an account isn’t around, Newman said. If a company like Apple were to share a password with someone who called and said his or her grandmother died and the person wanted to access her iPad, people would question the company’s security policies, Newman said.
More than 70 percent of Americans agree their private communications and photos should remain private after they die, according to a survey of 1,012 U.S. adults conducted in January by Zogby Analytics for NetChoice. Sixty-five percent said their privacy is violated if their private communications and photos are shared without their consent even after they die, which is why 75 percent said they either would make arrangements for friends and family to access private communications, or didn’t want anyone to access them.
Companies don’t want to grant access to an account, so they put up barriers to weed out nefarious individuals who are trying to unlawfully access an account, said CDT Consumer Privacy Project Policy Analyst Ali Lange. Many times, a company doesn’t know an individual's identity because not everyone uses a real name when signing up for an account, she said. If a computer isn’t locked and an individual is still signed into his or her accounts, a spouse or anyone else trying to access those accounts could do so, Lange said. If not, the hoops an individual’s personal representative will have to jump through to get access depends on where the individual lived and the circumstances, she said.