Reprinted from the Economist July 18,2013
The Economist explains
Who owns your digital data after death ?
AFTER we die, our bodies are reduced to dust or ash, through burial or cremation. The fate of the digital corpuses we leave behind is rather more complicated. Before the advent of internet-hosted storage and services, your digital remains would have been accessible only to those with physical access to your computers, and only then if you had not applied encryption or password protection. But these days many people leave traces of their lives spread across the internet. Facebook knows who we love and hate, Google knows what we are interested in, Amazon knows what we buy, and so on. Specialist services may even store information about your genetic makeup (23andme) or archives of your files (Dropbox, CrashPlan, and many others). Who owns your data when you’re dead?
No one, not even a probate lawyer, will tell you that the process of transferring property by writing a will—or dealing with the absence of one—is a simple matter. But when it comes to financial assets, physical goods or property, thousands of years of tradition and many hundreds of years of legal precedent provide a basis on which to proceed in even the most esoteric cases. Digital assets that are stored on shared servers in the cloud, by contrast, are so new that legal systems have not yet caught up. Five American states have passed legislation to provide executors and other parties with a legal basis on which to assert authority over digital assets, and others are considering similar rules, but these laws vary widely in what they cover (the oldest of them covers only e-mail). There are no federal laws. The same is true in other countries. To complicate matters further, internet firms may be based in different countries from their users and may store data in servers in many countries, making it unclear whose laws would apply.
A paper by Maria Perrone in the journal CommLaw Conspectus explains how internet firms and digital service-providers sit in final judgment when it comes to deciding the fate of data belonging to the dead. Some firms cite an American law from 1986, the Stored Communications Act, as clearly prohibiting many forms of data handover to heirs or estates, even with verified written instructions asking for data to be released. The law provides no exemptions and involves hefty prison sentences for violators. But every company seems to have its own set of rules, procedures and terms of service. Some require a legal executor to make a request, while others honour requests from anyone who can prove a family connection or even a link to an online obituary. Facebook limits valid parties to requesting either that an account be removed or be turned into a memorial site. Twitter says bluntly that it can deactivate an account on presentation of several bits of information, but it is “unable to provide account access to anyone regardless of his or her relationship to the deceased.” Some firms delete accounts after inactivity; others refuse to allow renewals to keep the data alive; others won’t allow any changes, and leave a user’s data frozen in time, to the distress of those left behind. Several companies, such as Cirrus Legacy and LegacyLocker, offer digital safes for passwords and documents, releasing them only to authorised parties in the event of the owner’s death. But such firms state clearly that their contract is not legally binding in two regards: a judge or executor might compel them to release information to people other than those specific by the owner, and the passwords may be useless if they relate to an account that has been separately deactivated or shut down.