States Confront Digital Life After Death

Florida senator is the latest to grapple with what happens to online accounts after you die.

by / November 4, 2014
Florida is set to enter the privacy rights battle over a decedent's digital assets. Shutterstock

When you die, what happens to your online accounts? If you’re like most Americans, you probably haven’t considered the issue, much less prepared for it. But states have been busy legislating the fate of virtual assets in recent years, pitting lawmakers and technology companies against one another in a war over whether your digital afterlife should be kept private.

The disconnect that exists between both sides teeters on the question of whether a decedent’s online privacy choices in life should extend into death. Families want access to the digital records of deceased love ones for a variety of reasons, such as handling financial affairs and preserving personal messages.

But platforms like Facebook and Google have a vested interest in protecting the privacy of their account holders who may not want anyone to view the information contained within those accounts, even after they’ve died.

Eight states have passed laws addressing digital life after death. The most recent was Delaware, in August. House Bill 345, the Fiduciary Access to Digital Assets and Digital Accounts Act, gives fiduciaries in Delaware the power to manage a decedent’s online resources such as email and cloud storage as part of an estate. Depending on whether the fiduciary handling the estate is an executor, trustee, guardian or agent, he or she has a different level of control over a decedent’s online accounts.

The Delaware act was based on a law drafted by trust and estate attorneys with the Uniform Law Commission. The commission provides lawmakers with nonpartisan legislation models.

Florida may be the next state to wade into the murky and morbid issue. Sen. Dorothy Hukill, R-Port Orange, plans to introduce a similar digital assets measure later this year for the state’s 2015 legislative session.

Carl Szabo, policy counsel for NetChoice, a trade association that represents e-commerce businesses and consumers, isn’t enamored of the Delaware act, however. He told Government Technology that the measure ignores user preference on privacy and voids online service providers’ default terms of service.

“The concern we have is not only the privacy when you die, but the privacy of those you communicated with,” Szabo said.

For example, those viewing a deceased person’s email and other communications with friends made at Alcoholics Anonymous meetings now may learn that these friends are alcoholics. Or, if the deceased was an attorney and sensitive emails exchanged with a client were opened and read by family members, it could violate the client’s privacy expectations.

In an interview with Government Technology, Hukill said she’s “very concerned’ about privacy and noted that she’s reached out to a Google representative in Florida to have him or her review her draft bill language and make sure it’s “in sync” technically with what the obligations the company has to its user base.

“Google, Facebook, LinkedIn and Twitter have a problem, because they’re being asked by all different sides for access [to peoples’ accounts],” Hukill said. “And each one of them has been developing their own policies.

“I think my bill will actually ease their burden, because it will standardize the process after death,” she added. “[This way] they are not faced with all these competing requests and not know what to do with them.”

Although technology companies now appear united against state legislation that supersedes their own terms of use -- and where applicable, user privacy choice -- their stance has shifted this year.

California Sen. Joel Anderson, R-San Diego, introduced a bill in January that attempted to strike a middle ground in regard to digital asset privacy. SB 849 acknowledges the contracts between users and service providers, but then also grants fiduciaries access to deceased user accounts after a series of authentication and verification steps.

Those steps included a written request for access, a copy of the user’s death certificate, a certified copy of the certificate appointing the requestor as the executor, a court order designating the executor as the decedent’s agent and an order indemnifying the email service provider from all liability in complying with the order. 

The measure died in committee, however, and the industry then took a hard-line approach to issue.

“Yes, we like to say we’re doubling down on privacy,” Szabo said. “As we took some more time and the issue evolved, we realized that it’s really on the privacy side that we’d rather come out. We want to protect our users’ privacy because that’s what they expect and it’s a promise we intend to keep.”

Szabo said the industry recognizes that more people live their lives online and are shifting to paperless bill-paying and electronic records. So to aid a fiduciary in wrapping up a person’s estate, online service providers are considering a way to allow fiduciaries to access the records of the communication using “outside the envelope” information – the “to and from” lines on emails.

If done this way, Szabo believes an executor can then contact a bank or other institution and close appropriate accounts for the deceased, without actually seeing the contents of emails and other messages and preserving a person’s privacy.

Hukill, however, wasn’t a fan of laws that carve out solutions to just one piece of the digital-assets-after-death puzzle.

“Some of the states are really only addressing one portion of the issue, whereas I would like to approach it all together in a comprehensive manner,” Hukill said. “People aren’t going to start thinking about this until they are in the position of having to deal with the online account of a loved one who has passed away, and then they will realize how important this is."

Brian Heaton

Brian Heaton was a writer for Government Technology magazine from 2011 to mid-2015.