Social credentials: what happens to personal data after the owner’s death?

The transferring of digital heritage due to death is a phenomenon that in the last few years has gained a primary importance but that, to this day, still has uncertainty and complexity under many points of view.

One can think of digitally stored files, emails or social accounts. It may be data that hold just an emotional value for the heirs or that, as it often happens, are sensible to economic evaluation.

The reconstruction of regulations applicable to these cases must face two orders of problems.

Firstly, the Italian legislation with regard to succession dates back to 1942 and, even though it is admirable under a systemic profile, it does not appear to be sufficient to answer every question that the current age raises. The arrival of new technologies and the rise of new forms of protection impose an interpretative effort from a strongly evolutionary point of view.

The second problem concerns the practical applicability of the solutions available to the users and their heirs in a context mainly remitted to the discretion of the digital service providers.

If the user dies without any indications about his/her digital heritage and the data are password protected, it is difficult to establish the rights of the heirs.

To answer, it is useful to refer to the service offered by a common provider, such as Google. With the creation of an account, the user can use many services, like e-mail services and data storage. The diversity of the data associated to an account implies a different evaluation of the consequences with regard to succession and, in the same manner as for the reconstruction of the hereditary level, there will be transferable and untransferable rights.

Imagine the account as a box locked by the deceased and found by the heirs on the opening of the succession. It may seem non-technical, but this comparison represents in reality a largely established criteria in the doctrine.

If we compare the access credentials of an account to the key of the box, we can surely say that the heirs have the right to force it open, or call a locksmith to obtain a copy of the key. It is, after all, a good fell into succession and therefore available to the heirs. If this is true, it is not as true that the content of the box is automatically transmissible to the heirs: if the box contains goods owned by a third person that were only guarded by the deceased, the ownership of those goods, that were never of the deceased, will never be transmissible.

Transposing these considerations to the account, we could affirm that the heirs have the right to obtain by the provider the access credentials after the user death. Even if the access does not imply the free availability of the data, it can be necessary also for the reconstruction of the inheritance of the deceased.

It could also happen, for instance, that a widow is interested in accessing her dead husband’s account to retrieve their wedding photos, digitally stored in a cloud archive protected by password. It is also possible that the heirs of a famous writer would want to access the digital archive of the deceased to retrieve the unpublished work of the author, remained such precisely because of his/her death. In both cases, it is about an access to materials that, for the effect of the succession, entered in the heritage of the heirs, no matter the emotional or patrimonial value that is given to it.

It would be different if, through the credentials of the deceased, the heirs had access to business data: in this case, that data was not freely available to the deceased and therefore the heirs would not be authorized neither to request access credentials nor to have business data stored in the private accounts of the deceased.

The same conclusions can be applied to the email box: like the traditional letters of the deceased in the locked box, even e-mails are data that the heirs have the right to access, always with the mentioned attentions with regard to the content of each e-mail.

If this is true theoretically, in practice it is extremely difficult to obtain the account access credentials of a dead person.

If it is not possible to retrieve in any way the deceased’s access credentials, not even by relying on skilled technicians, the heirs will have to contact the service provider and rely on its collaboration.

At this point, beside the general regulation with regard to succession, the terms of use of the service accepted by the deceased will be very important. The user, with the creation of the account, concludes a contract with the service provider which has effects even after his death and, most importantly, also for the heirs.

Google, for example, reserves the right to close the accounts of dead users, limiting to allow the heirs only the access to single contents and only in specific circumstances (without, however, indicating which circumstances).

The Terms of Use of Facebook, instead, prescribe the automatic transformation of the dead user account to a “Memorialize” account, which is an account by the name “Remembering …”, which nobody can access to, not even if in possession of the password.

The explanation given by these two providers seems to be the protection of the privacy of their users, imposed by the current privacy dispositions.

Nevertheless, the motivation does not appear to be agreeable for two reasons: first of all, the EU Regulation 2016/679 explicitly provides that the rules on personal data protection do not apply to the data of a dead person; secondly, the lawfulness of a preventive and irrevocable approval by the user to block or delete their data after death needs to be at least questioned.

The heirs could rely upon these considerations under a legal proceeding but the preferred solution remains to predict in advance the fate of one’s own digital heritage.

While waiting for an organic intervention of the legislator, today one can resort to the post-mortem proxy, a settlement through which a party notifies the other about his own confidential credentials, entrusting the responsibility to guard them and communicate them to the heirs after death.