“When a loved one passes away, bureaucratic hurdles and legal uncertainty are the last thing families and friends feel like confronting, so we need clear and fair laws to deal with these 21st Century problems.”
Tech platforms such as Facebook, Apple, Google, Instagram and Twitter differ when determining what happens to your data when you die. The intersection between these online processes and the existing law remains murky.
In 2018, NSW Attorney General Mark Speakman called for the NSW Law Reform Commission to review and report on whether NSW needs legislation to regulate what happens to a person’s digital assets and records when they die or become incapacitated.
“In today’s hyper-connected world, an unprecedented amount of work and socialising occurs online, yet few of us consider what happens to our digital assets once we’re gone or are no longer able to make decisions,” Speakman said.
“This is leading to confusion and complexity as family, friends and lawyers are left to untangle digital asset ownership issues.
“When a loved one passes away, bureaucratic hurdles and legal uncertainty are the last thing families and friends feel like confronting, so we need clear and fair laws to deal with these 21st Century problems.”
In their March 2020 report, the NSW Law Reform Commission recommended a new digital access scheme enabling an authorised person to access a deceased or incapacitated person’s digital records in limited circumstances. They also recommended changes to succession and estate laws to clarify that they apply to a person’s digital property.
The report was tabled in NSW Parliament more than two years ago and the area remains unclear. There is currently no specific law in Australia that applies to a person’s digital assets when they die. Instead, each tech provider outlines their own process and options for what happens to a person’s data on the platform when they die.
Apple recently introduced a feature called “legacy contacts”. This allows users to nominate someone to manage their account in the event of their death. The nominated contact is given an access key and must upload the user’s death certificate to gain access. They have three years to view the account and make decisions about what to do with the information.
Google’s Inactive Account manager allows users to set an inactivity waiting period anywhere between three and 18 months. Once the set waiting period has elapsed, the account will be considered inactive. Users can select up to 10 people to be notified if it reaches this stage. Users can choose whether to share specific data such as Google Calendar, Photos, Chrome and Pay with these nominated people or have the account deleted three months after the account is deemed inactive.
Microsoft takes a very hands-off approach as there is no way of nominating someone to access the account. The account is deleted after two years of inactivity.
Facebook offers a legacy contact option. This person can make a tribute post, change the profile and cover photo or request deletion of the account. Legacy contacts will only be able to perform these functions once the account is memorialised. Facebook memorialises an account when a family member or close friend notifies Facebook of the user’s death. A memorialised Facebook account has the word “remembering” next to the account name. Instead of a legacy contact, users can opt to have their account permanently deleted in the event of their death.
Instagram is owned by Facebook and also has memorialising and deletion features. However, it doesn’t have a legacy contact option. Anyone can contact Instagram to have the account memorialised by providing proof of death. Only immediate family members or lawyers of the deceased can request deletion of the account.
Twitter does not offer a memorialising feature or a legacy contact option. An authorised person of the deceased can contact Twitter to remove the account by providing information and proof of death. LinkedIn also doesn’t offer a legacy contact option. The only options are to memorialise or delete the LinkedIn account.
Some people may opt to give their friends or family or friends their usernames and passwords however tech platforms can still deny them access. It is also important to understand the cyber security implications of password sharing. Some sites prohibit the transfer of data after a person’s death. The NSW Law Reform Commission warned that people may face criminal liability if they access someone else’s data even if authorised to do so.
“We recommend that an authorised person should meet certain procedural requirements when requesting access to digital records held by a custodian. We also recommend that the statutory scheme limit the liability of both the custodian and authorised person if they act in good faith when attempting to comply with the scheme,” the Commission wrote in its report.
Yeslam Al-Saggaf, an Associate Professor of Information Technology at Charles Sturt University, told LSJ, “It is a bit of a grey area determining who actually owns your data on social media, so any legislation in this area would have a big impact.”
“Users may have access to their data, and they can control who has access to their data, but in terms of ownership, it’s a bit tricky,” said Al-Saggaf.