Death and Your Digital Data, Continued: How Far Have We Come?
About Jane Collis
Jane Collis is a member of the property and private client practice group, specializing in estate planning, wills, international and domestic trusts and probate.
Jane Collis’s full profile on mjm.bm.
“There is only one kind of shock worse than the totally unexpected: the unexpected for which one has refused to prepare.” Mary, Renault, The Charioteer
In May 2013, I wrote about the importance of addressing digital assets in the context of estate planning. With the passage of almost five years, I thought it would be interesting to revisit this subject. What, if any, progress has been made in identifying the nature and scope of digital assets and the rights arising in respect of those assets on the death of the “user”? To make this review a bit easier, I will adopt the definition of a “custodian” used in the Revised Uniform Fiduciary Access to Digital Assets Act (2015) (“DAA”) of the United States, who is defined as “a person that carries, maintains, processes, receives, or stores a digital asset of a user”. This definition is intended to cover all online accounts, services and social networking providers.
At the time of my last writing, there was a marked inconsistency of approach taken by custodians on the death of a user and a scarcity of legislation to properly address the varied privacy and property issues that arise in the context of internet use. I was pleased to see that, in the United States, which remains the central hub through which data passes for the majority of custodians, and also provides the governing law for most terms-of-service agreements, there has been some legislative movement. However, certainty as to the rights of access to accounts and content by personal representatives and estate beneficiaries of deceased users, and attorneys for incapacitated users, remains elusive and our property rights under threat.
The Definition of Digital Assets
Our digital assets are broad-ranging, from email and social media accounts to avatars and games, from videos and photographs to blogs, from loyalty reward points to music and books and most recently to crypto-currencies stored in a “digital wallet”. There is no universally agreed definition of digital assets and it is an ever-evolving playing field, but generally speaking, if it can be communicated or stored on the internet or a device, it can be considered a digital asset. Not all digital assets will have financial value, many will have sentimental value, some will give rise to intellectual property rights and all will give rise to confidentiality rights. Taken together, these facts make custodians wary of disclosing the content of a deceased user to his or her personal representatives, or anyone else for that matter.
Terms of Service Agreements
We produce and acquire a staggering volume of content with rarely a thought given to our own mortality and we routinely “accept” the terms “offered” by custodians because that is the gateway to whatever point of access we seek. Most of us routinely scrutinise food labels for nutritional information, but how often do we actually read those terms of service agreements, which arguably pose a far greater threat to our wellbeing? We upload and download content, create it, send it and store it, but our ownership of it is dubious and most of us are not even aware of this reality. Digital assets are our inescapable future. How is it that we can ignore the necessity of determining the nature of that “property” and ensuring that we have the means of protecting it for our children and grandchildren? In almost all cases, our digital assets are subject to contract and in many cases those contracts entirely eliminate our testamentary freedom in a manner which would be inconceivable in the context of any other form of property interest.
Natalie M. Banta, Assistant Professor of Law at Valparaiso University Law School writes in “Property Interests in Digital Assets: The Rise of Digital Feudalism” (appearing in Cardoza Law Review 2017 Vol 38:1099) “…digital asset contracts are changing the nature of our property system and reverting to a feudalistic system where the powerful few create the terms of use of an asset for the many.”
Is it Property or not? Who says what?
In this context, a distinction must be drawn between email and social networking sites like Facebook and LinkedIn, which allow users to retain property rights, and digital media custodians like Apple and Amazon, from which a user “purchases” music or books, but is really only granted a licence to use that content.
So, for example, Google’s Terms of Service provide that some of its “Services”… “…allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.” And: “When you upload, submit, store, send or receive content to or through our Services, you give Google…a worldwide licence to use, host, store, reproduce, modify, create derivative works, communicate, publish, perform, publicly display and distribute such content….which continues even if you stop using our Services….” In contrast, Amazon’s Music Terms of Use are emphatic in the alternative: “You do not acquire any ownership rights in the software or music content.”
For those custodians who implicitly recognise the property rights of the user, standard contract terms nevertheless require the granting to them of a licence to use the user’s content. So, for example, Facebook’s Terms of Service state: “For content that is covered by intellectual property rights, like photos and videos,… you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide licence to use any IP content that you post on or in connection with Facebook”. Likewise, Apple requires that you grant them: “a worldwide, royalty-free, perpetual, nonexclusive licence to use the materials you submit within the Services and related marketing.”
Even while recognising that a user may have rights in the content, the same cannot be said for rights in the account itself. Although there is no absolute consistency across the spectrum of custodians, most custodians restrict or prevent the user’s freedom to devise his or her account. For example, Yahoo provides: “You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.”
Some leave it more open-ended, as does Facebook, which states: “You will not share your password…, let anyone else access your account, or do anything else that might jeopardize the security of your account….You will not transfer your account to anyone without first getting our written permission.” Facebook allows only memorialisation or deletion of a deceased user’s account.
It is critical to remember that digital asset boilerplate contracts are forced upon the user, whose choice is to accept the terms offered by the relevant custodian, or live without their service. As tersely summed up by Apple: “You must accept these terms if you wish to use any of the services. If you choose to accept these terms, you must do so as they are presented to you. No changes (additions or deletions) will be accepted by Apple.”
Clearly, this is not a negotiated agreement between two parties of equal bargaining position and the user is highly unlikely to be freely consenting to the dictated terms in clicking their “agreement”. Ultimate power lies in the hands of the custodian. As Natalie Banta puts it, contracts of this nature are:
“…inherently unfair because they create assets that users value and for which they might want to control disposition at death. These contracts limit core property interests in that asset despite users’ reasonable expectations of inheritability, these contracts deprive individuals of a property right in digital assets, and these contracts change the nature of our property system.” (appearing in Cardoza Law Review 2017 Vol 38:1099, p1133)
We have acquired such a relaxed, or rather, lethargic, attitude toward our relationship with the internet, it is easy to forget how much of ourselves and our personal history we stand to lose if we don’t plan appropriately.
Developments in the United States
As mentioned previously, the United States is a key jurisdiction in relation to internet services. In terms of legislation, however, there is no federal law governing digital assets other than the 1986 Stored Communications Act 18 U.S.C. §§2701-2712, which provides that an internet services provider, in this Act, an “electronic communications service” may not “knowingly divulge to any person or entity the contents of a communication which is carried or maintained on that service”. This statement has formed the basis on which many custodians have denied access to the accounts of deceased users by personal representatives. They do not wish to be sued. It was enough to prevent the issue of a subpoena sought by the executors of the estate of a Facebook user related to a claim for access to the deceased user’s account in the federal case In re Facebook Inc. 923 F. Supp. 2d 1204 (1206 (N.D. Cal 2012). Regrettably, the effect of denying the subpoena, as being in violation of the Stored Communications Act, meant the substantive issue of access by a personal representative to the content of a deceased user was never explored by the court.
On the positive side of the equation, some meaningful estate planning guidance can be extracted from the DAA, which has been adopted by some 38 states as of 2017 and which aims to set in place parameters for access by personal representatives to the digital content of a deceased, or incapacitated, user. Of critical importance to that access is whether the deceased user gave “express consent” to disclosure to his or her personal representatives. In accordance with the DAA, there is an order of priority for determining whether such consent has been given.
Hallmarks of “Express Consent”
Pursuant to Section 4 of the DAA, a user may use an “online tool” (being something separate and distinct from a terms of service agreement) to direct the custodian to disclose to a designated recipient, or not to disclose, some or all of the user’s digital assets, including the content of electronic communications. If the online tool allows the user to modify or delete a direction at any time, a direction using an online tool overrides a contrary direction by the user in a will, trust, power of attorney, or other record. Five years ago, few custodians had established an online tool of any kind. Now, Facebook provides for a “Legacy Contact” and Google has the “Inactive Account Manager”, for example.
Where no online tool has been utilised or where an online tool does not exist for a given custodian, a user may allow or prohibit in a will, trust, power of attorney, or other record, disclosure to a fiduciary (which includes for these purposes, an attorney under a power of attorney, a personal representative under a will or on intestacy and a trustee among others) of some or all of the user’s digital assets, including the content of emails sent or received by the user. A user’s direction under either of the circumstances referenced above overrides a contrary provision in a terms-of-service agreement which does not require the user to act affirmatively and distinctly from the user’s assent to the terms of service. Most terms of service agreements are silent on this issue, in any event.
Failing all of the above, a court application is the only remaining option, which may not be financially supportable where the loss of content is sentimental, but may well be worth pursuing if the user had valuable intellectual property or a stash of bitcoin. Disclosure, either with consent or by court order, will require production of a list of documents set forth in the DAA, including the obvious items such as a written request for disclosure, death certificate, will, grant of probate or other representation and evidence of consent to disclosure. The custodian may also require additional documentation relating to the relevant account. Although the DAA does not extend to Bermuda, it does provide invaluable guidance as to what a user must contemplate in preparing his or her estate planning documentation and could form the foundation for amendment of the Administration of Estates Act in Bermuda.
Developing a Game Plan
In light of the above, the first step in designing your digital assets game plan will necessitate that you inventory your digital footprint and create a list of accounts, passwords and security question answers. It would be sensible to close any accounts that you really don’t use so as to reduce any unnecessary vulnerability to your identity. Take the time to review terms of service and decide whether you really want to deal with any custodian whose terms are not in keeping with your objectives. Consider exactly what is to happen to your content on your death. Provide necessary information to those custodians who have online legacy tools. You might also want to give thought to using some form of password management software or a third party password management service. This has obvious security advantages (as long as the service, itself, doesn’t get hacked!), but also consolidates your information in an easily identifiable location, which will be of assistance to whomever is ultimately dealing with your digital affairs down the road. Lastly, consider storing your photographs and other items of personal significance somewhere that is beyond the control of a custodian. If it matters, deal with it now and remove any risk. As a result of this exercise, you will have clarity as to what package of information and instructions you need to give your personal representatives (your “digital directions”).
“Digital Directions”
On the next occasion that you update your will and/or enduring power of attorney, add language that provides clear and unequivocal consent to your personal representatives (or special personal representatives dealing only with digital assets) to access your content as an “authorised user” (wherever it is stored, whether in an internet account, in the cloud or on a personal device) and in this regard, to have regard to your digital directions. You may actually consider including direct references to the Stored Communication Act and the DAA in your will. It may seem odd when you live in Bermuda, but remember that the vast majority of internet services are managed through the United States and that is where your personal representatives may have to do battle. If your digital footprint is significant and/or your digital assets are valuable, consider providing authority in your will for the hiring of computer experts to assist in the process of identifying, retrieving and securing your content.
You will then need to consider how your personal representatives will find their way to your digital directions. If you keep everything in the “cloud”, then you will need to provide them with a means of access to this trove of information. If you store your digital directions on paper, then they will need instructions for finding that paper. If you have crypto-currency it is critical that your personal representatives can find your key, as this will be the only evidence of ownership. Given that your will becomes a public document once probated, it is best that your digital directions, and even the means of finding your digital directions, do not appear in your will. Moreover, think carefully about making your digital directions accessible to anyone before your death, as there is a risk of financial loss, embarrassment or identity theft if this information finds its way into the wrong hands. All of this must be contemplated against a background of rapidly developing technology and the constant requirement that usernames and passwords be updated. In other words, keeping your information current, but also safeguarded, is a challenge.
Your personal representatives will have fiduciary duties as regards your content, including a duty of care, a duty of loyalty and a duty of confidentiality. As they would with your tangible assets, your personal representatives will need to inventory and secure your digital assets. Subject to your directions to them, they will change passwords, shut down accounts, cancel standing orders, notify your contacts and transfer data in accordance with your wishes and their freedom to do so in the context of the relevant custodian.
In Conclusion
The DAA has given us guidance as to how to prepare for dealing with our digital assets on death and so we are moving in the right direction as far as enabling access to our content by our personal representatives. However, we remain at the mercy of custodians as regards the nature of our rights in our digital content and this can only be addressed through legislation. All of us need to pushback, to expect more and to demand more and to be willing to give up accounts with custodians who are dictatorial in their approach. For many of those custodians, the user is the commodity and if the user won’t play ball, the custodian has nothing to sell. To once again quote Natalie Banta in closing:
“If legislation does not curb this practice, digital feudalism will be the new property structure of the technological world, and users will all be serfs in the system of ownership.” (Cardoza Law Review 2017 Vol 38:1099, p 1156)