Jusletter IT

Law and Technology of Online Profiles after Death

  • Author: Irina Baraliuc
  • Category: Short Articles
  • Region: Belgium
  • Field of law: Data Protection
  • Collection: Conference proceedings IRIS 2012
  • Citation: Irina Baraliuc, Law and Technology of Online Profiles after Death , in: Jusletter IT 29 February 2012
Post-mortem aspects of online existence of people, in particular of online profiles on social networking sites, are becoming of an increasing interest for users, family members and friends of a deceased person, on one side, and lawyers and policy makers, on the other side. At stake are the interests of (1) directly involved users concerning their privacy and protection of their data, as well as their reputation after death, (2) surviving family members and friends who will have to deal with the death of a close person and may be even indirectly involved when the online profile would go on to exist even after the death of their next kin, (3) other users, sensitive or other personal information about whom may be posted on the online profiles after death. This paper is an attempt to answer the question whether current legal frameworks provide sufficient protection of such interests related to online profiles of deceased users. It examines briefly the currently available technological possibilities to deal with online profiles after death, while the legal analysis looks into the legal frameworks (data protection, succession law) in order to identify provisions that regulate the protection of personal data of deceased individuals.

Inhaltsverzeichnis

  • 1. Introduction
  • 2. Technology-based solutions offered for online profiles after death
  • 2.1. The approach of SNSs in dealing with online profiles of deceased users
  • 2.2. New web-based services managing online existence after death
  • 3. Legal aspects of online data profiles after death
  • 3.1. General data protection regulations concerning deceased users
  • 3.2. The case of protection of health-related data of deceased persons
  • 3.3. Succession law
  • 3.3.1. Introduction
  • 3.3.2. Testamentary burden – a solution?
  • 3.3.3. Relevance and applicability of succession law to data contained in online profiles after the death of their users
  • 4. Conclusion
  • 5. Bibliography

1.

Introduction ^

[1]
“When you’re dead, you’re dead. That’s it.” (Marlene Dietrich). But is that it? We are reaching today a stage in the development of web 2.0 when its participants cease to exist in the real world, but they continue to persist in the online world. The issue of online existence after (real-world) death is moving from being a subject of newspaper articles and blog posts to the academic community.1 It has also drawn the attention of public authorities with competence in privacy and data protection: the Canadian Privacy Commissioner requested Facebook to explain several areas of its privacy policies, including those concerning deceased users. In particular, the Canadian Privacy Commissioner Office referred to the practice of memorializing of accounts of deceased users, the initiative for this request coming from concerned individuals.2
[2]
In the following, this paper will give an answer to whether the current legal frameworks provide sufficient protection for the data contained in the online profiles of deceased users. Technological aspects of online profiles after death would be examined from the perspective whether nowadays the technology can offer sufficient protection to online data after death, considering the interests of involved persons. In this context, I will examine the current solutions provided by the SNSs and the recently established web-based services managing online assets in respect to the online profiles after death and I will identify the advantages and, more specifically, the drawbacks of these solutions in the light of upholding the privacy and data protection interests of the users/customers. Further, an insight will be provided with regard to the existing legal provisions that are applicable to online profiles or opportunities to introduce new solutions, considering the turbulent technological development. Since online profiles contain personal data, they would be viewed in light of data protection regulations, in particular concerning extension of data protection to deceased individuals. Another obvious area of law relevant for the interests of a person after death is succession law, which would help clarify (1) whether this area of law can be applied to individuals in their online life, and (2) whether the existing provisions on transfer of property after death and expression of the deceased’s wishes in a will may extend protection of his interests concerning online profiles after his death.

2.

Technology-based solutions offered for online profiles after death ^

2.1.

The approach of SNSs in dealing with online profiles of deceased users ^

[3]
The tools developed by SNSs are generally available for the next of kin of the deceased user, other persons that need to show their relation to her or any other interested persons upon a legal request, require a proof of death and offer the options of deletion or preservation (memorialization) of the account. The SNSs respond to the concerns of family members and friends, but the interests of the concerned user are not taking into account, e.g. in cases when a user does not want to have his account memorialized or he wants to have his account deleted and currently the SNSs do not provide any mechanisms in this regard. Since only family members and friends that can make such a decision, this might be contrary to the wishes of the user, especially in the case of requests made even by non-family members (as in case of Facebook). To overcome this striking imbalance of interests, an individual may opt for services provided by certain companies, which specifically deal with online assets after death and will be examined below.

2.2.

New web-based services managing online existence after death ^

[4]

Several services have been selected to analyze the basic characteristics of services related to dealing with online profiles3: AssetLock4, DataInherit5, Deathswitch6, Legacy Locker7, and Entrustet8. These contain sufficient information to be able to assess their mode of operation and to identify common features and characteristics. These companies should not be regarded as providers of legal services, since the services are not provided by legal professionals.9

[5]
The characteristic features of the examined services are: (1) the determination of the moment when the customer passed away, and (2) the actions undertaken by the system when the customer is considered dead. Some of them opt for an automatic mechanism, which “decides” the moment of death at the failure of the user to enter a password upon several repeated requests. Others enable the customer to designate trusted person(s) to report his death, occasionally proved by an official certificate of death. The second option seems to be more appropriate, because the automatic mechanism may fail in certain cases, e.g. long-term illness of the customer, which impeded him to enter the password during the respective period of time. Once the system is notified about the death of the customer, in most cases the companies release the information by email or on their website to the persons designated by the customer and these beneficiaries fulfill the instructions of the deceased. In the end, the designated beneficiaries manage the online assets and there is neither certainty nor accountability for these beneficiaries that the online assets would be dealt in according to the wishes of the deceased person. One examined service plans to introduce a mechanism of deleting online accounts without involving beneficiaries. This may further increase the privacy of the user, because it does not involve any persons related to the deceased and the customer has the certainty that some information, like private messages in SNSs, will not be disclosed to any person. Deciding between releasing information to designated beneficiaries and deleting accounts implies thus privacy concerns of the customer and trust in his beneficiaries or the website. There are no available tools to enforce that what happens after the death of their customer is in line with his expectations.
[6]
Under EU data protection law, these companies are information society services, since they provide services “for a remuneration (…) by electronic means, and at the individual request of a recipient of services”.10 They process personal data, which makes them data controllers. The Data Protection Directive imposes on the data controller the obligation to process personal data fairly and lawfully, for legitimate purposes and in an appropriate manner related to these purposes.11 It also stipulates that data controller is obliged to take appropriate technical measures to protect the data against accidental and unlawful destruction, loss, disclosure and access, thus ensuring its security.12 In this sense, the EU data protection legal framework offers certain level of protection to customer data during customer’s life, regardless of the stipulation of liability exemptions in the Privacy Policies of these companies.

3.

Legal aspects of online data profiles after death ^

3.1.

General data protection regulations concerning deceased users ^

[7]
Generally, deceased individuals do not have privacy interests. One possible reason could be that the persons do not feel shame or humiliation anymore.13 The Data Protection Directive applies “to the processing of personal data”,14 which is “any information relating to an identified or identifiable natural person (‘data subject’)”,15 from which it can be inferred that the data protection applies to living natural persons. The Directive does not extend this protection to deceased users.
[8]
Data protection legislations of EU member states16 do not apply to data of deceased persons, these laws generally referring to an ‘identified or identifiable natural person’. Some data protection laws explicitly provide that the data protection refers specifically to ‘living’ persons, as for instance in Sweden or the law specifies that personal data is “information … that may be referable to a natural person who is alive”17 or in Ireland where the law defines personal data as “data relating to a living individual”.18
[9]
Exceptionally, in few countries the data protection regulations apply to deceased individuals. The Explanatory Memorandum to the Danish Act on Processing of Personal Data states that the law applies to the data of deceased persons, yet without details.19 In France, the right to privacy is extended to deceased persons entitling surviving family members privacy claims on behalf of the deceased person, since privacy rights include all aspects of spiritual and physical being, each person being able to define the extent of the private life.20 In Sweden, the laws may extend the protection in specific situations, such as confidentiality or credit data.21 The Estonian Personal Data Protection Act explicitly extends “processing of personal data after death of data subject” that allows processing of personal data with consent of expressly mentioned close relatives, which is not anymore necessary after thirty years from the date of death.22
[10]
In the US case, the Freedom of Information Act (FOIA) provides some privacy interests for the survivors of the deceased persons, under Exemption 6.23 The courts of most states did not deal with privacy cases concerning deceased persons,24 federal courts rejected privacy rights of deceased persons, since under common law, privacy is a personal right and concerns only living persons. In 2004, the Supreme Court held that the FOIA protected the privacy rights of the surviving family member with regards to images from the death scene.25 The survivor privacy protection principle under FOIA consists in protecting surviving family member from “disruption [to] their peace of mind.”26 This principle cannot be directly applied to deceased person, “but careful consideration should be given to whether such protection can be extended to others.”27
[11]
The Australian Privacy Act could extend protection to if the concerned data discloses information about a living person.28
[12]
This allows the observation that the law is concerned to a very limited extent with data protection rights of deceased persons and/or their surviving family members.

3.2.

The case of protection of health-related data of deceased persons ^

[13]
A type of data that enjoys privacy protection even after the death of the data subject is health data, examined here for the purpose of identifying the underlying reasons and mechanisms to extend privacy protection to deceased persons. In the EU, in the absence of a specific legal instrument concerning health-related data, this data is then regulated by the Data Protection Directive, which qualifies data concerning health as sensitive information,29 imposing on the processing of such data additional requirements for the data controller,30 but, as mentioned above, this do not apply to deceased members. In the national legislation, there are few examples when the countries adopted specific regulations concerning health-related data.31 In the UK access to health records of a deceased patient is given to his personal representative or any person who might have a claim arising out of his death.32 This right is given also to other persons than the surviving family members.33
[14]
In common law systems, for example in US, privacy protections apply for as long as the covered entity maintains the information, initially set at two years from the date of death.34 The information of a deceased person can be disclosed, if it is considered to be relevant for the treatment of another family member35 and use and disclosure for research purposes.36 Requests to disclose personal medical information can be also made by representatives of mass-media or biographers.37
[15]
In Canada, some provinces provide access to personal health information to family members, if this proves necessary in relation with health conditions relevant for the latter,38 to find out the cause of death,39 to notify or contact a family member about the death of the individual.40 The disclosure of information shall not violate the privacy of the deceased individual, i.e. only that information is disclosed that is absolutely relevant for stated purpose.41 At the same time information about a deceased person can be released (without prior concern of the deceased person or his legal representative) for research purposes.42
[16]
The analysis of health-related data regulations reveal following justifications for extension of protection after death:
  1. For the benefit of the surviving family member: the health information of a deceased person may contribute to addressing their health issues (for example, in case of genetic diseases) and to providing some inner tranquility, by offering explanation for the death (cause of death) for close family members.
  2. For the benefit of the society: the health information of a deceased person may be used for medical research that can contribute to treatment, care and prevention of some diseases, or to inform the public about the circumstances related to the deceased person.
[17]
An important feature in the process of disclosure is the weighing of confidentiality interests of the deceased patient against the competing interests of his family members and of the society at large.43 Within the available technological solutions, the confidentiality protections depend on the balance of confidentiality interests against disclosure interests and this balancing is left to the discretion of the data controller. In case of online profiles after death, the SNS is the one that can balance these interests and as shown above, the analyzed SNSs consider only the interests of surviving family members and sometimes friends, ignoring the interests of the deceased person. However, currently SNSs can satisfy the interests of only one person (the one making the request to preserve or delete the online profile), disregarding the interests individuals. In this context, the SNSs should develop solutions to respond to these needs, for example, if a. a connected user of the deceased wants to delete his personal information from the online profile of the deceased user.
[18]
With regards to the interest of a person after death, it should be mentioned that having interests requires consciousness, which means that only a living individual can formulate interests, including for the period after death. A deceased person cannot have any interests since it does not meet the consciousness requirement.44 However, a person can be referred to as the “antemortem” person, who is the person during his life, and the “postmortem” person, who is the dead person.45 According to this classification, the antemortem person can have interests that survive his death. This approach is quite vague and may still fail under the arguments that respecting the interests of a person makes sense only if the respective person is living, since violation of his interests produces some consequences that affect him. Nevertheless, it cannot be ignored that a person might have interests concerning the afterlife, e.g. protection of his reputation. In a different angle, violation of the interests of a deceased person does not produce any real harm to him, since a dead person does not suffer or feel pain and emotional distress. On the other side, there are the interests of the family members and of the society. If to weigh their interests related to their future health and life against the interests of a deceased person, it is obvious that the interests of the former would prevail. Thus confidentiality may be breached if the non-disclosure would harm other important values,46 such as health and life. Similarly, when it comes to the online life of a person, his close relatives and friends might have an interest in getting to know, preserve or delete an online profile, as part of their grieving or remembrance process. They might be interested in protection of their reputation too.

3.3.

Succession law ^

3.3.1.

Introduction ^

[19]
An area where the interests of the individual survive his death is succession law. The overview of succession law focuses on the two major representatives of continental civil law, Germany and France, and on UK and US, as representatives of the common law system:
  • According to the German Civil Code, upon death of a person the property passes to one or more persons.47  This implies property as the object of inheritance.48
  • The French Civil Code infers that succession refers only to transmission of property rights and does not present any other particular characteristics (compared to the German succession law),49  relevant for the scope of this paper.
  • The succession in the common law systems is based mostly on the English law50, especially the substantial part regulated in statutes. In the absence of a will, the estate of a deceased person is inherited by his/her spouse and the surviving descendants, the statutes regulating the degrees and modalities of distribution of the property. 51

 

3.3.2.

Testamentary burden – a solution? ^

[20]

The will is used to produce effects after his death. The characteristic feature of the will is that once it is produced in accordance with legal requirements, it has legal force, thus being supported in public sphere and, if necessary, enforced by public authorities,ERR which gives the person who produced it some certainty that his last wishes will be fulfilled.

[21]

The will is used to produce effects after his death. The characteristic feature of the will is that once it is produced in accordance with legal requirements, it has legal force, thus being supported in public sphere and, if necessary, enforced by public authorities,52 which gives the person who produced it some certainty that his last wishes will be fulfilled.

 

[22]

In German civil law, an individual is offered several possibilities to express his last will: testament, legacy, testamentary burden and contract. With a testamentary burden the deceased oblige the heir or the legatee to perform a certain act,53 which does not necessarily have a property value, as long as it does not contradict the law.54 The testamentary burden can have another purpose than enriching someone and this differentiates it from other types of wills.55 The open characteristic of this stipulation may enable an individual to impose obligations on a person, as long as he provides all necessary details necessary for the execution of the obligation, since the obligation may be cancelled if its performance appears to be impossible.56 The obligation of dealing with the online existence may be also included in a contract of inheritance, which might have as object the testamentary burden as well.57

 

[23]
In the UK the wills regulated by the Wills Act of 1837 (with subsequent amendments) are generally associated with transfer of deceased’s property, but it may contain other provisions related to the testator’s body and appointment of guardians for testator’s children.58 Even if the document would include only the latter kind of provisions, it is still considered a will, if it is carried out in the form prescribed by the law.59
[24]
In the US, the content of the will may also include provisions not related to property, such as burial directions, appointment of guardianship for minor children, etc.60
[25]
The form of the will is given much attention, while the content of the will is not regulated in detail.61 This can be explained by the private-public character of the will, where the “private” relates to the wishes of the individual and “public” relates to the legal enforcement of the document. The limited regulation of the content of the will is justified by the generally recognized freedom of the testator,62 and in order to balance the public-private interest the state imposes the form of the will.
[26]
One development that can make a connection between classical succession law and technology managing online assets after death is the electronic will, a revolutionary regulation introduced by the Nevada, US.63 This decision was aimed at creating convenience in producing a will and responding to the needs of citizens who lead digital lives.64 The statute has some legal drawbacks65 and problems of technological nature,66 considering the current state of technological development, the will stored on paper seems to remain the best option so far,67 but its significance for updating the succession law provisions to the changes in our today society is remarkable.

3.3.3.

Relevance and applicability of succession law to data contained in online profiles after the death of their users ^

[27]
The succession by statue is relevant for online profiles after death, only if the personal information contained in the profiles is considered property. Based on the civil law provisions regarding the goods that make the object of property, and in particular the division of goods in movable and immovable (or personal and real), it is difficult to regard information as object of property. From a privacy (data protection) angle, there are arguments in favor and against considering personal information as property, both from opponents and advocates.68 The propertization of personal information is seen rather as a solution to overcome deficiencies of information privacy/data protection legislation. One way to look at this issue is on the basis of the relation between privacy and disclosure rules, assuming that personal information is property and assigning it to a person is the logical alternative to absence of information privacy.69 Further, it is necessary to distinguish who owns the information initially, the individual or the data controller, which leads to two types of rules: non-disclosure, where the individual controls the information as long as it is his personal information and disclosure, where the data controller controls the personal information.70 Applied to SNSs, the data user may be vested with property rights on his personal information contained in the online profile, as opposed to the situation where the SNS as data controller controls his personal information and may not offer him sufficient protection of his data.
[28]
It is quite uncommon that other wishes of the deceased, besides transfer of property, are included in the will. Certainly these may be expressed in other ways, but they will not be legally binding and thus unenforceable. Considering the inclusion in the will of certain directions concerning the disposal of a deceased’s body or guardianship of children, other instructions, such as those concerning online profiles, may be included as well, given the freedom of the testator and of the will. Another option to be considered could be the testamentary burden (as provided in the German Civil Code). The testator would indicate all technical details concerning his online profiles, so that the testamentary burden is possible to carry out and not considered void. This gives the possibility to the testator to decide about his online presence, including the online profiles.
[29]
As concerning the form of the will, the possibility of introducing an electronic will should be considered. The services provided by the companies managing online assets after death may take the form of a quasi-electronic will (i.e. adopt its basic characteristics), which may increase the trust of customers in this type of services. However, at this particular moment of time the companies could not provide services related to the electronic will, because the legal background is still lacking in most jurisdictions, and the will, regardless of the form it takes, is a legal instrument mainly designed to transfer property (unless personal information is regarded as property).

4.

Conclusion ^

[30]
The main findings of this research revealed certain gaps in the data protection of deceased individuals after their death. These gaps may be bridged by improving the current technological solutions and extending the scope of the law. First, the SNSs should reduce the circle of people that may make a request to memorialize or delete an online profile, limiting it to close family members (similarly the degree of heirs in succession by intestacy), at the same time offering the opportunity of a connected user to remove data from the profile of a deceased user.
[31]
Second, for the web-based services dealing with online profiles of deceased users to be used more extensively, these services need to improve the protection of data submitted by their customers, thus diminishing the risks for the customers that the data concerning their online accounts is damaged or lost. From a legal perspective, once the regulations concerning electronic wills are in place, they may step further and transform these services in legal services, thus providing even more guarantees for the customer that his instructions will be fulfilled after his death.
[32]
From a legal point of view, it might seem premature to provide a general protection of data of deceased persons, considering the extent of personal data besides the data contained in online profiles. Where there is a need (such as personal health-related records), the regulations are already in place in many countries or will be introduced together with implementation of health records system. Nevertheless, the concerns of individuals concerning their online life after death may be responded with succession law provisions, in particular regulating testamentary burdens. The testament is the most suitable instrument in this regard, since even if information is considered property and may form the object of intestate succession, there are some additional technical elements, such as passwords and IDs that are not automatically transferred together with the online assets, thus impeding the heirs to take any actions. Therefore a testamentary provision is more appropriate for the testator to express directions concerning his online assets and to provide the necessary technical details, in order for these directions to be possible to be carried out.
[33]
In conclusion, the undertaken research of technological and legal aspects in handling data contained in online profiles of deceased users showed that currently the technology and the legal frameworks in various countries do not provide sufficient protection of this data. None of them offer perfect solutions. From the legal point of view, because in many instances law lacks the coverage of online-related aspects and the old provisions concerning real life are difficult to be applied to online life. A tentative solution might be a wide application of testamentary burden. Considering the existence of an interest in extending the data protection after the death and that technology and law already made some first attempts to respond to these concerns, it is significant to provide legal and technological tools that would ensure the consideration of data protection interests of SNS users even after their death.

5.

Bibliography ^

Atkinson, Thomas E., Handbook of the Law of Wills and Other Principles of Succession Including Intestacy and Administration of Decedents’ Estates. West Publishing, St. Paul. (1953).

Berg, Jessica, Grave Secrets: Legal and Ethical Analysis of Postmortem Confidentiality. Connecticut Law Review, Vol. 34. http://ssrn.com/abstract=301286 (2001).

Beyer, Gerry W., Hargrove, Claire G., Digital Wills: Has the Time Come for Wills to Join the Digital Revolution? Ohio Northern University Law Review, Vol. 33. http://heinonline.org/HOL/Page?handle=hein.journals/onulr33&div=31&g_sent=1 (2007).

Buchholz, Stephan, Kommentar zum Bürgerlichen Gesetzbuch, Band 6 Erbrecht. Luchterhand, Germany. (1990).

Crabb, John H., The French civil code/translated. Kluwer Publishers, Deventer, The Netherlands (1995).

Denham, Elizabeth, Privacy and the Worldwide Web: How the OPC Investigation of Facebook made Worldwide Waves. September 2009, Ottawa. http://www.priv.gc.ca/speech/2009/sp-d_20090930_ed_e.cfm (2009).

Finch, Janet, Hayes, Lynn, Mason, Jennifer, Masson, Judith, Wallis, Lorraine, Wills, Inheritance and Families. Clarendon Press, Oxford. (1996).

Grant, Joseph Karl, Shattering and Moving Beyond the Gutenberg Paradigm: The Dawn of the Electronic Will. University of Michigan Journal of Law Reform, Vol. 42. http://heinonline.org/HOL/Page?handle=hein.journals/umijlr42&div=6&g_sent=1 (2008).

Herold, Rebecca, Is there Privacy Beyond Death? February 2005. http://www.privacyguidance.com/files/Privacy_Beyond_Death_Herold.pdf (2005).

Herold, Rebecca, How to protect your privacy after you die? April 2010. https://www.infosecisland.com/blogview/3537-How-to-Protect-Your-Privacy-After-You-Die.html (2010).

Kerridge, Roger, The Law of Succession. Sweet&Maxwell, London. (1996).

Korff, Douwe, EC Study on Implementation of Data Protection Directive: Comparative Summary of National Laws. 2002. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1287667 (2002).

Lange, Heinrich, Kuschinke, Kurt, Lehrbuch des Erbrechts. Munich. (1995).

McCarthy, Patrick M., Michigan’s Freedom of Information Act and Personal Privacy: A Divergence from the Federal Freedom of Information Act as to Privacy Interests of Deceased Persons and Their Families. University of Detroit Mercy Law Review. http://heinonline.org/HOL/Page?handle=hein.journals/udetmr69&div=32&g_sent=1 (1992).

Murphy, Richard S., Property Rights in Personal Information: An Economic Defense of Privacy. The Georgetown Law Journal, Vol. 84. http://heinonline.org/HOL/Page?handle=hein.journals/glj84&div=64&g_sent=1 (1996).

Opton, Frank G., Decedents’ Estates, Wills and Trusts in the U.S.A. Kluwer, Deventer, The Netherlands. (1987).

Pitcher, George, The Misfortunes of the Dead. American Philosophical Quarterly, Vol. 21, No. 2. http://www.jstor.org/pss/20014044 (1984).

Purtova, Natalia, Property Rights in Personal Data: Learning from the American Discourse. Computer Law & Security Report, Vol. 25, No. 6. http://ssrn.com/abstract=1554341 (2009).

Roth, Paul, Privacy Proceedings and the Dead. Privacy Law & Policy Reporter 31. http://kirra.austlii.edu.au/au/journals/PLPR/2004/31.html (2004).

[34]

The will is used to produce effects after his death. The characteristic feature of the will is that once it is produced in accordance with legal requirements, it has legal force, thus being supported in public sphere and, if necessary, enforced by public authorities, which gives the person who produced it some certainty that his last wishes will be fulfilled.

  1. 1 Initially, the posts on personal blogs were triggered by loss of a close relative and the information on the online profile of the deceased person helped them to cope with the grief. The death of a close relative or a friend raised further questions, among others what to do with a deceased user’s account on social networking sites (SNS). The blogs refer the memorializing of accounts, the public or private status of the online profile, and whether the future of the profile depends or not on the wishes of surviving family members.
  2. 2 Denham, E., Privacy and the Worldwide Web: How the OPC Investigation of Facebook made Worldwide Waves. September 2009, Ottawa. http://www.priv.gc.ca/speech/2009/sp-d_20090930_ed_e.cfm (all links are accurate as of February 2012) (2009).
  3. 3 The examination of these websites was carried out in 2010.
  4. 4 http://www.assetlock.net.
  5. 5 http://www.datainherit.com.
  6. 6 http://www.deathswitch.com/.
  7. 7 http://legacylocker.com/.
  8. 8 http://www.entrustet.com/.
  9. 9 The new emerged businesses dealing with online assets after death offer various types of services. Some of them use a list of passwords and details that would be sent to one designated person, along with the instruction of the customer. Others are more complex, involving several categories of participants and providing several types of services that range from email accounts, to online banking accounts, and offer the possibility to assign different beneficiaries to each type of information, thus increasing the privacy and data protection interests of the customer and his peace of mind.
  10. 10 European Parliament and Council Directive (EC) 98/34 of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulation and of rules on information society services (1998) L 204/37, Art. 1(2).
  11. 11 European Parliament and Council Directive (EC) 95/46 of 24 October 1995 on the protection of individual with regard to the processing of personal data and on the free movement of such data (1995) L 281, Art. 6.
  12. 12 Ibid Art. 17.
  13. 13 Roth, P., Privacy Proceedings and the Dead. Privacy Law & Policy Reporter 31, 2004. http://kirra.austlii.edu.au/au/journals/PLPR/2004/31.html (2004).
  14. 14 European Parliament and Council Directive (EC) 95/46 of 24 October 1995 on the protection of individual with regard to the processing of personal data and on the free movement of such data (1995), L 281, Art. 3.
  15. 15 Ibid Art. 2(a).
  16. 16 Data protection legislation of Belgium, Finland, Germany, Greece, the Netherlands, Portugal, Spain and UK was examined for this purpose.
  17. 17 Swedish Personal Data Act of 24 October 1998 (translation). http://www.sweden.gov.se/content/1/c6/01/55/42/b451922d.pdf (1998).
  18. 18 Irish Data Protection Acts 1988 and 2003: Informal Consolidation, Art. 1. http://www.dataprotection.ie/viewdoc.asp?DocID=796&ad=1#1 (2003).
  19. 19 Korff, D., EC Study on Implementation of Data Protection Directive: Comparative Summary of National Laws. 2002, section 3.2. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1287667 (2002).
  20. 20 Herold, R., How to protect your privacy after you die? April 2010. https://www.infosecisland.com/blogview/3537-How-to-Protect-Your-Privacy-After-You-Die.html (2010).
  21. 21 Korff, D., section 3.2 (2002).
  22. 22 Estonian Personal Data Protection Act of 1 October 2003 (translation), Art. 13. http://www.legaltext.ee/text/en/X70030.htm (2003).
  23. 23 Herold, R. (2010).
  24. 24 McCarthy, P. M., Michigan’s Freedom of Information Act and Personal Privacy: A Divergence from the Federal Freedom of Information Act as to Privacy Interests of Deceased Persons and Their Families. University of Detroit Mercy Law Review, 613 (1992). http://heinonline.org/HOL/Page?handle=hein.journals/udetmr69&div=32&g_sent=1 (1992).
  25. 25 Herold, R., Is there Privacy Beyond Death? February 2005. http://www.privacyguidance.com/files/Privacy_Beyond_Death_Herold.pdf (2005).
  26. 26 Ibid.
  27. 27 Ibid.
  28. 28 Office of the Privacy Commissioner of the Australian Government, Information Sheet (Private Sector) 17 - 2003: Privacy and Personal Information that is Publicly Available, Section 15 http://www.privacy.gov.au/materials/types/infosheets/view/6549 (2003). However, this provision cannot be applied to online profiles, since the Australian Privacy Act of 1988 applies only to publicly available personal information, which was collected for the purposes of inclusion in a record or generally available publication or is contained in a record.
  29. 29 European Parliament and Council Directive (EC) 95/46 of 24 October 1995 on the protection of individual with regard to the processing of personal data and on the free movement of such data (1995) L 281, Art. 8(1).
  30. 30 Ibid Art. 8(2)(c).
  31. 31 During my research I learned about two countries that adopted regulations concerning health related data, UK and Hungary. Unfortunately, the Hungarian Act on the Handling of Medical and Other Related Data of 1997 was not available in English translation.
  32. 32 UK Access to Health Records Act of 1990, Art. 3(1)(f) (1990).
  33. 33 UK Information Commissioner’s Office, Freedom of Information Act, Practical Guidance: Information about the deceased. 2008. http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/informationaboutthedeceased.pdf (2008).
  34. 34 US Department of Health and Human Services, Standards for Privacy of Individually Identifiable Health Information, Section 164.502(f). April 2003. http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/introduction.pdf (2003).
  35. 35 Does HIPAA cover deceased individuals. HIPAA Weekly Advisor, August 2002. http://www.hcpro.com/HIM-23324-866/Does-HIPAA-cover-deceased-individuals.html (2002).
  36. 36 US Department of Health and Human Services, Section 164.512(i).
  37. 37 Berg, J., Grave Secrets: Legal and Ethical Analysis of Postmortem Confidentiality. Connecticut Law Review, Vol. 34, 82, 2001. http://ssrn.com/abstract=301286 (2001).
  38. 38 Act of Quebec Respecting the Protection of Personal Information in the Private Sector of 1993, Section 31 (1993); Alberta Health Information Act: Guidelines and Practices Manual, Section 8.5.16. March 2011. http://www.health.alberta.ca/documents/HIA-Guidelines-Practices-Manual.pdf (2011).
  39. 39 Act of Quebec Respecting the Protection of Personal Information in the Private Sector, Section 3 (1993).
  40. 40 Alberta Health Information Act: Guidelines and Practices Manual, Section 8.5.5 (2011).
  41. 41 Idem Section 8.5.16 (2011).
  42. 42 Act of Quebec Respecting the Protection of Personal Information in the Private Sector of 1993, Section 18(2) (1993); Health Information Protection Act of Saskatchewan of 2003, Section 29. http://www.health.gov.sk.ca/hipa-overview accessed 1 February 2012 (2003); Alberta Health Information Act: Guidelines and Practices Manual, Section 8.15 (1993).
  43. 43 Berg, J., 82 (2001).
  44. 44 Ibid 91.
  45. 45 Pitcher, G., The Misfortunes of the Dead. American Philosophical Quarterly, Vol. 21, No. 2, 184, 1984. http://www.jstor.org/pss/20014044 (1984).
  46. 46 Berg, J., 100 (2001).
  47. 47 German Civil Code of 18 August 1896, Art. 1922 (1). (1896).
  48. 48 Nevertheless there are certain rights not related to property and are inheritable. For example, when death occurred following a medical treatment, the heirs have specific rights concerning the medical records and these rights are usually raised in front of medical doctors who treated the patient. The right to access medical records of the deceased patient is extended to the heirs only when they pursue certain economic interests, while the access rights of the relatives based on some personal interests is not given to the heirs. Certainly the declared will of the deceased person is defining in this situation. The doctor is bound by confidentiality requirements and in defining the limits of the confidentiality, he has the right to balance the confidentiality protection of the deceased and the access rights of the relatives and friends The doctor is exempted from the confidentially obligations towards the heirs only to the extent that the data kept confidential concerns privacy matters, and towards the relatives in all other cases. (Commentary of Art. 1922 of the German Civil Code in Buchholz, S., Kommentar zum Bürgerlichen Gesetzbuch, Band 6 Erbrecht. Luchterhand, Germany. 76 (1990).
  49. 49 The French Civil Code provides that upon death of a person his property is transferred to the beneficiaries by succession (intestacy) or in accordance with his will. Similarly to the German Civil Code, the French one lists the degrees of heirs (spouses and blood relatives to a certain degree). Further, the object of a testament is property and the testament shall be done in holographic form, public document or in secret form, the latter involving the notary. (Crabb, J. H., The French civil code/translated. Kluwer Law and Taxation Publishers, Deventer, The Netherlands (1995).
  50. 50 Atkinson, T. E., Handbook of the Law of Wills and Other Principles of Succession Including Intestacy and Administration of Decedents’ Estates. West Publishing, St. Paul. 23 (1953).
  51. 51 Opton, F. G., Decedents’ Estates, Wills and Trusts in the U.S.A. Kluwer, Deventer, The Netherlands. 21 (1987).
  52. 52 Finch, J., Hayes, L., Mason, J., Masson, J., Wallis, L., Wills, Inheritance and Families. Clarendon Press, Oxford. 1-2 (1996).
  53. 53 German Civil Code, Art. 1940 (1896).
  54. 54 Commentary of Art. 1940 of the German Civil Code in Buchholz, S., 138 (1990).
  55. 55 Lange, H., Kuschinke, K., Lehrbuch des Erbrechts. Munich. 616 (1995).
  56. 56 Commentary of Art. 1940 of the German Civil Code in Buchholz, S., 138 (1990).
  57. 57 German Civil Code, Art. 1941.
  58. 58 Kerridge, R., The Law of Succession. Sweet&Maxwell, London. 6-7 (1996).
  59. 59 Finch, J. and others, 3 (1996).
  60. 60 Ibid 31.
  61. 61 Finch, J. and others, 40 (1996).
  62. 62 Ibid.
  63. 63 Grant, J. K., Shattering and Moving Beyond the Gutenberg Paradigm: The Dawn of the Electronic Will. University of Michigan Journal of Law Reform, Vol. 42. 108 (2008). http://heinonline.org/HOL/Page?handle=hein.journals/umijlr42&div=6&g_sent=1 (2008).
  64. 64 Beyer, G. W., Hargrove, C. G., Digital Wills: Has the Time Come for Wills to Join the Digital Revolution? Ohio Northern University Law Review, Vol. 33. 890 (2007). http://heinonline.org/HOL/Page?handle=hein.journals/onulr33&div=31&g_sent=1 (2007).
  65. 65 Ibid.
  66. 66 Ibid 124.
  67. 67 Beyer, G. W., Hargrove, C. G., 900 (2007).
  68. 68 Purtova, N., Property Rights in Personal Data: Learning from the American Discourse. Computer Law & Security Report, Vol. 25, No. 6. 514, (2009). http://ssrn.com/abstract=1554341 (2009).
  69. 69 Ibid 515.
  70. 70 Murphy, R. S., Property Rights in Personal Information: An Economic Defense of Privacy. The Georgetown Law Journal, Vol. 84. 2383-2384 (1996). http://heinonline.org/HOL/Page?handle=hein.journals/glj84&div=64&g_sent=1 (1996).