Jusletter IT

Over recent years, digital technologies and the Internet have become a part of our everyday life. We also start to call ourselves the «Digital Natives» and basically we are born digitally with our first click on touchpad and since then many of us spend almost whole their life using, sharing and leaving more and more information, data and assets in the Internet. The «Digital Natives» learn digitally, establish relationships digitally, work digitally, earn and spend money digitally. Many of us are even more active in the virtual world than in real one. Nevertheless, everything ends sooner or later and also the «Digital Natives» will pass away one day in the real world – the question is whether and how they will pass away in the Internet.

Despite the fact that the digital era is developing and technology is advancing so fast, there have been no clear rules and frameworks developed in the area of transferability of digital assets in case of death. The law seems not to answer the problems of digital legacy and succession of digital assets. The legal practice, literature, legislation and jurisdiction remain silent on this subject in many legal systems. Some of them try to create new regulations or update norms and legal frameworks to address this challenge of modernity.

Consequently, the lack of binding rules and clear interpretation leaves over 75% of inhabitants of the EU¹, who are regularly using the Internet, without any legal measures to transfer or pass to heirs their digital assets in case of death. Such legislation gap does not generate only the uncertainty and confusion among the «Digital Natives» and is a threat for the security and privacy in the Internet, but it also opens the space for internal regulations of different service providers as well as other non-legal developments. Still, increasing number of the Internet users shows the importance of developing such regulations and their necessity. The wish is father to the thought, and currently the solution to the problem of succession of digital assets is developing from the bottom up. Such approach may impact the users in the positive way, although one must bear in mind that most of the digital assets which are in possession of the «Digital Natives» are provided, organized and managed by service providers – private companies, mostly international. Clearly, for the digital intermediaries and service providers it is favourable to avoid such difficult and complex issues. Nevertheless, some of them filled in the legislation gap with their own rules enforced in Terms and Conditions (T&C) or End Users Licence Agreement (EULA) documents, others just ignore the problem.

In this paper the author will try to answer the question what happens to digital assets after the death of their users from the contractual law perspective. It will be also an attempt to examine the selected contracts concluded between the user and the service provider. The author will present legal understanding and give a broad overview of a contractual perspective on succession of digital assets.

In the European Union’s legal system the succession and the private law are still the Member States’ privilege. It means that the succession regulations might be different in each Member State and there is no harmonization in the area of substantive law. Nevertheless, in some countries like the UK or Germany, the discussion about transferability of digital assets has begun. In Germany for instance, the German Bar Association (Deutscher Anwaltverein) prepared the opinion and proposition of changes in German law, which should adopt it to the characteristics of the digital era in the context of the digital succession². It should be noted that the regulations concerning the transferability of digital assets in case of death may be found in the United States.

To analyse the transferability of digital assets in case of death, it is important to emphasize that many of digital assets, or even all of them, are distributed and provided by digital intermediaries or service providers³. Physical copy of a book or a CD with music are tangible goods, therefore after the sale contract is concluded, the money paid and the subject delivered, the ownership of the subject is transferred to the buyer and the seller has no more influence on this item. Therefore, the buyer as the owner is allowed to dispose of the property as the owner wishes. Digital assets are something that makes these circumstances different. Noting the nature of digital assets, digital assets are intangible and are provided or stored on servers owned by service providers. Consequently, according to Edwards, «many important digital assets are controlled, both practically and legally, by digital intermediaries – companies such as Google, Facebook, eBay, Twitter, Vimeo, Tumblr, Yahoo! Mail, Hotmail, Blizzard, etc.»⁴ The relationship between the user and the service provider is based on and regulated by a contract, called Terms & Conditions (T&C) or End User License Agreement (EULA). A user who wants to start using digital assets i.a. purchases a new song on iTunes, uses an e-mail account provided by Google, creates a Facebook profile or stores data at Dropbox, firstly is obliged to read and accept such a contract. In practice, many users do not read this document or sometimes are not fully aware of its existence, nevertheless they are legally binding and in many cases have a significant impact on the possibility to transfer digital assets.

Some T&C regulate in detail the situation of digital assets in case of user’s death, other ignore this problem. It also happens that even if the rules regarding the transferability of digital assets may be found in the T&C or EULA, they may be inconsistent with the applicable law, thus invalid on this ground. Such situation is common especially in case of service providers, who are originally seated in the countries with legal systems based on common and equity law, and also introduce their service regulations based on completely different civil law systems without providing any changes in their contracts.

Below, the author tends to present and analyse general principles of the contract law, then some selected T&C and EULA of the most popular service providers, their practical aspects and regulations, focusing on impact of these documents on the succession of digital assets.

The Members States of the EU have already harmonised many areas of law, however in the area of private law, i.a. civil law, there is no harmonization in Europe and still various law systems and regulations exist. Some of them try to harmonise the substantive private law and creation the European Civil Code has been initiated, but all of these initiatives have failed. Nevertheless, in the area of contract law, the proposal for a Regulation on a Common European Sales Law (CESL) was presented⁵ and due to its scope and lack of interference with national-level regulations it is attracting more and more supporters. However, the legislation procedure for this document is still pending. It is important to mention that according to the recital 17 and art. 5 of the CESL, it is to be applicable also for digital assets. The CESL acknowledges the increasing importance of the digital economy and covers contracts for the supply of digital content (i.a. «storage, processing or access, and repeated use, such as a music download»)⁶. Additionally, the CESL should be applicable not only for digital assets which are purchased in exchange for a price, but also to services «involving a non-monetary consideration such as giving access to personal data or free of charge in the context of a marketing strategy (…)»⁷. Such broad application scope seems to be recognition and transposition of the U.S. approach, according to which the users are paying for the services such as Facebook or Gmail not with money but with their own data.

The CESL was approved, with some minor amendments, by the European Parliament on 26^th February 2014⁸ and achieved partial agreement in the Commission on the 20^th May 2014⁹. It is a truly necessary and good step for the harmonisation of contract law, however this regulation, unfortunately, does not introduce any changes in the field of inheritance of the deceased’s contractual obligation and transferability of digital assets in case of death. If any legal questions occur, it is necessary to apply the national contract and succession law to the T&C used by service providers, as well as to the transferability of such contracts.

In Poland, according to the art. 922§1 of the Polish Civil Code (KC)¹⁰, the property rights and obligations («prawa i obowiązki majątkowe») of the deceased pass on heirs at the moment of death. Based on this provision, contractual obligations are included in the inheritance and heirs have to fulfil them. On the other hand, it also means that the second party needs to act and fulfil the obligations to heirs. Some exceptions to this general rule are enumerated in the Civil Code¹¹ or other acts¹² and apply mainly to contractual obligations related directly to the deceased person. It is not possible to classify contracts with service providers as a strongly related to a person, because the contract as such is always a standard one, the T&C are the same for all users, the service is not personalized and service provider does not verify in any way the integrity of party i.a. its personal data or cash flow.

Consequently, in Poland the rights and obligations arising from contracts related to digital assets pass on heirs. According to this general rules, it may be arguable whether, after the death of user, service provider is still obliged to act and provide its services to heirs. Nevertheless, there has not been any case in Poland that required application of these rules to digital assets, and there is no binding court decision in this field to become a reference in this place.

In German legal system, the same rules are applicable to the contracts made by the deceased via the Internet and the inheritance of rights and obligations resulting from contracts. All deceased’s obligations regarding e-commerce, namely the buy or sale contracts concluded via Internet, are binding, and heirs are obliged to finalize the transaction and pay for the goods ordered by the deceased before the death or to ship goods sold by the deceased.

Other issue connected to this problem is whether the inheritance of the contractual obligations have been regulated otherwise by parties in the text of contract. In many cases parties, like service providers or telecommunication companies, add to their contracts additional provisions terminating the contract in case of user’s death. In such a situation the will of parties will be the reason whether the contract would be terminated or not.

Similarly to Poland, according to the German Civil Code (BGB), the contractual obligations («schuldrechtliche Positionen») of the deceased after the death are part of the inheritance. It means that the rights and the obligations pass on the heirs. The exception from this rule is for instance: according to the sec. 473 of the BGB – the right of pre-emption («Vorkaufsrecht»)¹³, according to the sec. 520 of the BGB – the promise of the annuity («Versprechen zu einer wiederkehrenden Leistung»)¹⁴, according to sec. 1583, 1615 of the BGB – the maintenance claims («Unterhaltsansprüche»)¹⁵ and according to the sec. 613, 673, 675 of the BGB – some of the service contract in the situation when the deceased was obliged to realize the service in person. To sum up, the contractual obligations in Germany are transferable in case of death of one party, except cases listed in the BGB, which states that the obligation or its result are directly related to the deceased¹⁶.

In this context Herzog distinguishes two types of contractual obligations, which per analogy are relevant to the succession of digital assets – one is giro account contract («Giroverhältnisse»), another one is tenancy agreement («Mietvertrag»)¹⁷.

Contractual obligation related to giro account contract and bank services are regulated in the sec. 675c and following of the BGB. Heirs take the contractual obligation with a bank and inherit all financial resources of the deceased, nevertheless according to the decision of the Federal Court of Justice (BGH), if heirs want to use the deceased’s account not only for the purpose of the realisation of the legacy, but later for their own purpose as well, they have to sign a new contract with the bank on their own behalf¹⁸. To sum up, in this type of contractual obligation, the content of the account (financial resources) is transferable and becomes the part of inheritance. However, the further usage of this particular account is possible only by creating a new contract with the bank, which will confirm the contractual liability and the awareness of the terms and conditions of the contract by the heir¹⁹. The giro account concept, per analogy, may be used to e-mail accounts²⁰ and basically to all digital assets. Bearing that in mind, the content of the account should be transferable in case of death. The heirs should have the possibility to inherit e-mails, pictures, e-books or digital music of the deceased stored on the service provider’s accounts and use the account of the deceased person to download or transfer digital assets to their own account(s). After transferring the account content, the contract with the service provider would be terminated and the account closed or/and deleted. If the account has commercial value and was used for the commercial purposes, heirs should have the possibility to conclude a new contract with the service provider for this account on their own behalf and then still use it. However, in case of the giro account and the financial resources left in the bank account there is no privacy and data protection issue, which may often arise in case of digital assets.

The second type of contract by Herzog, which may have impact on the transferability of digital assets, is a lease agreement. The general rule says, that after the death of a lessee, the lessor is still obliged to make the subject of the lease available to heirs. However, according to the sec. 580 BGB, heirs and the lessor are entitled to terminate the lease contract for cause, with the statutory notice period within a month from obtaining information about the death of the lessee²¹. This regulation applies to all the situation except for the lease agreement of the residential space («Wohnraummietverhältnis»). According to Herzog, some contractual obligations related to digital assets from its legal nature might be, per analogy, classified as a lease agreement, and it would be possible to argue that, for instance, using the Cloud or purchasing e-books might be similar to the lease agreement. Following this argumentation, the rules regarding the succession of lease agreements should be applicable to digital assets and, as a result, the service provider should be obliged to provide heirs with digital assets of the deceased.

Additionally, it is also important to mention here, that in most legal systems, according to the general civil law rules, the contracts as such are transferable. It is possible to transfer inter vivos the rights and obligations which arise from a contract to someone else (cession)²². Therefore, in compliance with the succession law, the rights and obligations regarding to the Internet activity of the deceased would be transferable.

Martini presented an interesting observation regarding contracts²³. According to him, the exception from the transferability of contractual obligations as part of universal succession is sec. 399 (1) BGB, which says, that «a claim may not be assigned if the performance cannot be made to a person other than the original oblige without a change of its content or if the assignment is excluded by agreement with the obligor»²⁴. This provision shows, that some contractual obligation, depending on their content, need to be specially protected and cannot be transferred or inherited²⁵. However, Martini continues with the opinion that obligations connected to digital assets, i.a. contract for providing e-mail account, cannot be included in this group of obligations. Service providers are generally not interested in a user as a person, even do not verify personal data of users, so the obligation does not have a personal character.²⁶ Such argumentation supports the prior conclusion that, according to the Polish and German law, the rights and obligations regarding Internet services are transferable and may be inherited. Consequently, the service provider is obliged to perform, fulfil the obligation and make the access and other data available to heirs²⁷.

Indisputably, the most popular social network website nowadays is Facebook. According to the official statistics from 30 June 2015, Facebook worldwide has 1.49 billion active users monthly²⁸. However, more than three of them die every minute²⁹. Only in Switzerland, the mortality rate of Facebook users in 2012 reached nine persons per day³⁰.

To analyse the contract which user signs with Facebook during the registration process, in the context of transferability of account in case of death, it is necessary to make reference to sec. 4.9 of Facebook’s Statement of Rights and Responsibilities («Statement of Rights»). This section clearly states that the user is not allowed to transfer the account (any page or application as well) to anyone without prior written permission from Facebook.³¹ Such a regulation is also confirmed in the sec. 18.6, which forbids to «transfer any of your rights or obligations under this Statement to anyone else without our consent». Moreover, the so-called real name requirement and sec. 4.1. of the Statement of Rights, forbidding to provide any false personal information or create an account for anyone else without permission, practically excludes the possibility of transferring the personal account. Such transfer would be classified by Facebook as the material breach of the contract. According to the Statement of Rights, sec. 4.8, the user is not allowed to share the password to the account, let anyone else access the account, or do anything else that might jeopardize the security of the account³². This regulation prevents the users from making their access data available to others, thus it restricts the possibility to transfer the account in case of death. In practice, it eliminates the possibility to write down the access data to Facebook account in the last will, to give it to a trustee or to use a popular legacy website. Again, such actions would be classified as the material breach of the contract and may lead to termination of the contract by Facebook³³. Moreover, Facebook stated clearly in few places, that «to protect the privacy of people on Facebook, we cannot provide anyone with login information for accounts»³⁴.

To sum up, according to the T&C, there is no possibility to transfer the Facebook account to someone else or to receive the login information to the account. The open questions are: firstly, is such regulation valid or should be treated after the death of the user as null and void? Secondly, how such a contract should be classified after the death of Facebook’s user and should it be recognized as personal obligation to the user which expire after his/her death?

It needs to be stated that according to the European civil law principles, which has been discussed above based on the Polish and German civil law example, there is no legal difference between each and every random contract for services and Facebook’s T&C. It leads to the conclusion that T&C (and as a result also Facebook account), should be transferable and should be a part of deceased’s heritage. Moreover, the legal exception related to the personal obligation does not apply in this situation. Obviously, the data stored and shared on user’s account do have personal character and are personal data, but the contractual obligation as such is a standard, non-personal one and does not fulfil the civil law requirements for a personal obligation.

Despite the fact, that T&C of Facebook does not comply with civil law frameworks, the service provider is trying to develop a non-legal procedure which will be an answer to the user’s request related to the succession of digital assets. Therefore, Facebook offers its users two solutions in case of death of their relatives or friends. The Facebook account may be either (1) memorialized or (2) permanently deleted.³⁵ Since February 2015 in the U.S., the users can also choose in advance what should happen to their account after they die, as well as they are able to appoint so-called legacy contact. We will see whether mentioned above solutions will be available for the users in other countries, especially in the EU.

The memorialization means that the timeline of the deceased would be kept on Facebook, but the access to some features is limited³⁶. To memorialize an account, the member of the family or a friend of the deceased has to send a Special Request for Deceased Person’s Account with a proof of death document enclosed. In practice memorialization means that to the person’s name on the profile will be added the word «Remembering», friends will be allowed to share memories about the deceased on the timeline, content shared by the deceased will stay on Facebook and it would be still visible to others according to the privacy settings, the memorialized timeline would not appear in the suggestion for «People You May Know» or birthday reminders, no one will be able to log into the account, and finally groups with an admin whose account was memorialized will be able to select new admins³⁷. The concept of Facebook account memorialization may have a positive impact on solving the problems of transferability of digital assets, especially as a solution of safety problems associated with so-called «zombie profiles» and abandonment of social media accounts. However, Facebook is claiming, that even after the memorialization of the account, anyone may send a private message to the deceased person. Such a feature is unreasonable in the situation when no one has access to the account and it may jeopardise the security of the profile. The only justification for such a feature might be probably found by psychologists in the context of virtual mourning³⁸. Besides that, the legacy contact, if appointed, is able to change the person’s profile picture and cover photo, write a pinned post on the timetable and respond to new friend requests³⁹. Currently, legacy contact is available only in the U.S. and refer to the person appointed in advance by user to manage the account after it was memorialized. The legacy contact may be appointed only from the Facebook’s friend and beside options mentioned already above, the legacy contact is allowed to download a copy of data shared on Facebook. Facebook claims that the legacy contact will get access to photos and videos uploaded by the deceased, his/her wall posts, profile and contact info, events and friend list, but will not receive messages, clicked ads, pokes, security and settings information and photos automatically synced but not posted. Such data may be provided only additionally by Facebook «in response to a valid will or other legal consent document expressing clear consent»⁴⁰. Nevertheless, the legacy contact cannot log into the deceased’s account, remove or change any past posts and photos, read the messages sent to other friends by the deceased and remove the friends. Moreover, the legacy contact must be an adult (18 years old or older). At the time being, Facebook is testing the legacy contact concept and reserves the right to add some additional capabilities for legacy contacts in the future or to introduce it in other countries. The legacy contact concept could be compared to legal instrument of a trustee or executor. One can observe that it is a non-legal construction and is not regulated in any legal act in the EU or the U.S., therefore its enforcement may lead to questions and dilemmas. It would be ineffective, legally non-binding in many countries and based only on the internal procedures of service providers. To sum up, it is a good example of self-regulation and an attempt to solve the problem of succession of digital assets, but without the public bodies’ supervision and clear legal framework it is insufficient.

The second possibility to manage the account of the deceased is to completely remove the account from Facebook. A request for a deceased person’s account removal can be sent by a family member and needs to include one of the following documents: death certificate, court document confirming power of attorney, birth certificate or last will and testament⁴¹. In this scenario the whole account of the deceased, as well as all content associated with it, is to be deleted. However, according to the Statement of Rights, if such content was shared with someone else and this person has not deleted it, the shared content is going to be still accessible. Facebook also makes it clear that removing all backup copies may persist long time.

Facebook admits in its’ help section, that in rare cases the content of the account may be made available to the person who provide the proof that he/she is an authorized representative of the deceased and/or uses an appropriate court order. Nevertheless Facebook does not guarantee that such person would be provided with the account’s content.

To conclude, the analysis of user’s contract with Facebook leads to extraordinary findings. Firstly, despite the fact that Facebook is one of the service providers providing the most comprehensive system regarding the succession of digital assets, there are still some more features missing. For example, there are controversies and procedural gaps regarding transferability of the business accounts (groups as well as pages). Secondly, from the civil law perspective, a lot of procedures, definitions and explanation related to memorialization, request to remove the deceased’s account and legacy contact are not in compliance with the civil law principles and are not included in the Statement of Rights. As noted above, they are regulated only in the FAQ section and on help desk website which is confusing to users, and, furthermore, cannot be treated in the civil law systems as a part of the binding contract. Consequently, such regulations and procedures should be treated as null and void.

Google represents an interesting and innovative approach to management of accounts of the deceased. A user, during the registration process, accepts the Google’s Terms of Service⁴² and the Privacy Policy⁴³. Those two documents are the legal basis for the relationship between Google and the user, they should contain all rights and obligations of the parties. However, it is crucial to mention that both of them are rather fragmentary regulation, especially in the context of a full range of different products and services provided by Google.

The analysis of the Terms of Service shows that there is no provision regarding the succession of the account or data. However, Google states that «what belongs to you stays yours»⁴⁴, namely the user retains ownership of any intellectual property rights to the content which has been uploaded, submitted, stored or received on Google’s servers.

Since 2013, Gmail users can use a special tool provided by Google, called the Inactive Account Manager. This tool makes it possible for users to share their account data with anyone else in the situation if their account(s) is/are not active for a certain period of time⁴⁵. It might be seen as Google’s attempt to solve the problem of the succession of digital assets. The Inactive Account Manager allows to appoint a trusted person who is to receive the user’s data, choose data to be transferred and a period of time and deadline for this to happen. The user can alternatively decide that all data should be deleted.

The Inactive Account Manager is available at Google account settings and provides some special security measures and verification procedure, which ensure the security of the data. To activate this tool, the user should add a mobile phone number for the verification purposes and choose a timeout period for the account (between 3 and 18 months). At this moment also, the user sets an auto-response to be sent automatically to all incoming messages after inactivating the account. Then the user adds up to 10 trusted persons to be notified by Google that the account is inactive, there is going to be also information about who the data could be shared with or that Google can be requested to delete the account and all data associated with it. According to Google, the Inactive Account Manager applies not only for Gmail but for all services provided by Google. Consequently, the user can use it to manage other digital assets, for example data stored on Google Drive, pictures in Picasa Web Albums, movies on YouTube or blogs created using Blogger, etc.

Trustees receive an e-mail from Google, after deactivating the account of the user who appointed them as trustees, with the information that the user has not been logged for a certain period of time and with instructions if, how and which data can be downloaded by them⁴⁶. The identity of trustees is verified by Google via SMS or voice call. It is important to emphasize, that the trustees may only download the data shared by the user, but they cannot log in to the user’s account or start using services provided by Google to the user. Consequently, for instance, trustees can download posts from the user’s blog but cannot write a new one or manage and develop such a blog. In this context, the application of the giro account concept would be a very good solution in this case, meaning that heirs should have the possibility to conclude a new contract with Google on their own behalf to further use the deceased’s account, or at least account’s address. It is especially important for keeping active email addresses used for certain purposes, YouTube channels or Blogger accounts because their deactivation may lead to significant decrease of viewers and visibility indicators and is directly connected to profit, thus it implies economic value.

Assuming that a Gmail user or other Google services user did not activate the Inactive Account Manager before the death, or/and did not choose a trustee, or/and the trustee is not the same person as the heir – formally, in special cases, heirs can still try to get the access to data stored on the Google’s servers. According to the information placed in Support section of the service, «in rare cases Google may be able to provide the account content to an authorized representative of the deceased user.»⁴⁷ However, Google emphasized that privacy protection of users is a priority for them and any decision about granting access to digital data of the deceased users is made after a long verification process. Such a process consists of two stages. First, heirs are supposed to send to Google a special request form with information such as: full name, address, e-mail address, photocopy of government-issued ID or driver’s license (certificated and notarized English translation), Gmail address or Google username of the deceased user, the death certificate of the deceased user (certificated and notarized English translation). After positive verification of the request, Google informs heirs whether it would be possible to gain access to the data and informs also about any further steps and requirements. Google states that «Part 2 [of the verification process] will require the heirs to get additional legal process including an order from a U.S. court and/or submitting additional materials.»⁴⁸

Google introduce also a possibility to submit a request for funds from a deceased user’s account (e.g. AdSense, Wallet). In such case additionally, the heirs need to provide also court-certified letters testamentary and certify that this person is a sole authorized recipient of such funds.

To conclude, Google currently has one of the most innovative solutions that would be useful to ensure possibility of the transferability of digital assets in case of death. However, this solution is obviously based on freedom of testation, because if the deceased user would not use the Inactive Account Manager before the death, there is almost completely no possibility to access the data. It should be also clearly highlighted that the solution presented by Google, namely the Inactive Account Manager, is only a technical feature within accounts, not a legally binding procedure. Additionally, it is also not regulated in the contract between user and this service provider, then access to Gmail e-mails may be sometimes provided on the basis of national law, without using the Inactive Account Manager.

A very different approach is represented the second leader in the area of e-mails – Yahoo!. Yahoo! closed the possibility of transferring digital assets and getting access to e-mails of the deceased. According to the Section 28 of Yahoo! Terms of Service, there is no right of survivorship and no transferability. The user creating the account agrees that «Yahoo account is non-transferable and any rights to Yahoo ID or contents within the account terminate upon the death.»⁴⁹ Yahoo! informed also that after receipt of the request to close the account with the copy of a document appointing the requesting party as the personal representative or executor of the estate, as well as the copy of the death certificate, Yahoo! terminates the account and permanently deletes all its content.⁵⁰ It is also emphasized clearly in the Yahoo! Account Help⁵¹, which introduces only the request procedure for closing the account of the deceased person. To close the account, heirs need to submit to Yahoo!’s Legal Department a letter containing the request and the Yahoo! ID of the deceased, a copy of the document appointing the requesting party as the personal representative or executor of the estate of the deceased and a copy of the death certificate of the Yahoo! account holder.

Despite the fact that Yahoo! does not allow any form of transferability in case of death, it is, at least, one of a very few service providers who, in the contract, regulates the situation of digital assets in case of death of their users. Nevertheless, it may be disputable whether such a provision is legally binding. The problem here is a potential conflict between the contractual obligations and the succession law.

In this context, it is impossible to ignore the famous U.S. case of John Ellsworth⁵². John Ellsworth was a marine who died in Iraq in 2004. After his death, his parents tried to get the access to the e-mail account of John and download all his e-mails for the purpose of creation a memorial.⁵³ The service provider, Yahoo!, claimed that they cannot give the access data to John’s account to his parents because of privacy policy and the contract which has been made with John, according to which, the account is non-transferable and there is no right of survivorship. The Ellsworth’s family was arguing that the Yahoo! account is similar to a deposit box, which, according to the Michigan law⁵⁴, may be opened after the death of its user and the content is inheritable by the heirs⁵⁵. Comparing e-mail account to a deposit box is similar to, mentioned already, giro account concept in Germany. However, the real legal question in this case is not only a question about the possibility to gain access to e-mails of the deceased. It is related to ownership of e-mails, users and their rights protection, hierarchy of legal norms and compliance of T&C or EULA to imperative regulations of law. The Court decided that Yahoo! has to provide the family with copies of the e-mail content on the CD, as well as in hard copy. Nevertheless, the non-transferable provisions of the contract were kept binding and Yahoo! as service provider was not obliged to provide access data such as the login and the password.⁵⁶ The Court was really careful, the decision has not been published at all, even thought it was the first decision regarding these issues, it has not established a precedence.⁵⁷ Outside the scope of the decision, the Court posed privacy and data protection dilemma. It could be result of different legal and cultural approach in the U.S. and the EU in this area. Edwards rightly stated that «the privacy interests of the deceased might not be co-existent with the desires of the surviving family in all cases, might not align with the interests of all members of that family, or might not be known at all, necessitating further investigation before disclosure of confidential material.»⁵⁸

The online world is developing faster than legal regulations and systems. Due to the nature of law and legislation process, at least in Europe, the law cannot adapt that fast to the changing environment and especially new technologies and hi-tech inventions. Therefore the Internet users and Service Providers are trying to fill this legal gap and they are developing other solutions and non-legal practices.

From the practical point of view, users sometimes have the possibility to choose what would happen to their assets. The actions taken by users to secure, or at least to decide on their own what would happen with their digital assets in case of death would be of great help to heirs, or even in some cases it may determine the possibility of transferability. Nevertheless, the legality or effectiveness of some practice may be arguable.

The new concept and growing trend, attracting more and more followers, especially in Switzerland⁵⁹, is to include the decision and disposition regarding digital assets in the last will. Nevertheless, this solution seems to be very unpractical because of a very dynamic character of digital assets and the Internet. Each change in the possession of digital assets, for instance creation a new account would entail the need to make changes in the last will, what would be inconvenient and really expensive. Moreover the same problem would arise if the user writes down the access data to digital assets in the last will. Such a solution is also a breach of security protocols recommending to change the password at least every 90-180 days.

As long as many challenges arise from digital era and technological revolution, there are some websites and services offering help to manage digital assets in case of death and promote Digital Estate Planning. One of such websites is a Dutch service called Ziggur.me. This solution, based on freedom of testation, enables a client to decide what would happen to the digital legacy after the death and to choose which digital data should be transferred and to who, as well as which one should be deleted permanently. However, this solution has also its disadvantages. One of them is lack of guarantee that the service would still exist after the death of its user and would be able to execute the wishes of the user. The good example of a start-up, which has been closed shortly after going live, is a Swedish service My Web Will⁶⁰ or a German website Idivus⁶¹. The other challenge of such services is lack of legal basis for service providers like Ziggur.me to act on behalf of the deceased.

In this context there is also another possibility, which unfortunately would not be legally binding as well. It is granting the power of attorney, either to the service provider or to a trustee. According to the civil law principles, the power of attorney expires at the moment of death and further using it by anyone (trustee, legacy management website, etc.) is treated as acting as falsus procurator.

A practice becoming more and more popular in this area, is using applications like Password Box (functionality and procedure of Legacy Locker) or some cloud-computing solutions for example Securesafe.com (with Data Inheritance function), which may be used to unlock and pass on passwords to the account. The above mentioned services do not only collect the access data in a very dynamic way, but also share this data with heirs in case of death. However, solutions based on sharing the access data with heirs are also ineffective, because many service providers reserve in terms and conditions that it is not allowed to pass on the access data and use someone else’s account. Moreover, using an account of a different person might be chargeable in some jurisdictions.⁶² It needs to be also emphasized that storage of all passwords and access data in one place or application significantly decrease safety in the Internet and increase the risk of hacking attacks and misuse.

There is another interesting solution available in Germany and provided by companies named Columba and Semno. Their services are aimed at helping heirs to find digital assets which used to belong to the deceased and then delete those data from the Internet or transfer them to heirs.

It means that there are some tools and services, available on the market, which help to manage digital assets in case of death. However, all of them are provided by private companies and because of the lack of clear rules and early phase of its development it is difficult to anticipate how effective they would be. Some publicists, scholars and legal counsels advise their clients to use all available types of services to ensure the realization of their last will regarding to digital assets⁶³. However, it should be done reasonably and in a balanced way. Unfortunately, many digital assets users do not think about the future of their digital assets and are not even aware of available means and solutions.

To conclude, there are some non-legal methods available to achieve the main goal – transferability of digital assets. Nevertheless, as non-legal solutions, they still have some gaps and disadvantages. It is very important to still develop tools such as Legacy Locker or Ziggur.me, however, the legal frameworks need to be set forth for such development. Usage of access data passed in any form by the deceased to heirs to log in to accounts shall mean, from legal point of view, an unauthorized access to the account, computer or system, and therefore cannot be satisfactory and permanent solution. It is highly appreciated, that the debate about transferability of digital assets will be open and the public, all Internet users, were aware of these issues⁶⁴. Nevertheless promotion of transferring the access data (i.a. logins and passwords) to the heirs is the mistake. The debate should be moved from the level of non-legal or in some cases almost illegal measures to the professional discussion about the need of legal regulation (preferable at the EU level).

The U.S. is one of few countries which have already recognised the problem of inheritance of digital assets and that have developed some legal procedures and methods to deal with these issues. According to Beyer and Cahn, it is possible to recognise three stages of this legal framework development⁶⁵. The first one covers the law of California, Connecticut and Rhode Island, where the subject of the regulation are only e-mails. The second generation is law of Indiana, covering records stored electronically. The third generation, legal acts in Oklahoma and Idaho, expands its subject and covers broad definition of digital assets including social media profiles and microblogs⁶⁶.

Moreover, in July 2014, the Uniform Law Commission successfully completed its’ work on and approved for enactment by states the Uniform Fiduciary Access to Digital Assets Act («Digital Assets Act»).⁶⁷ According to the Prefatory Note of the final version, its goal is «to remove barriers to a fiduciary’s access to electronic records»⁶⁸. Digital Assets Act makes an important change in the legal framework and for the purpose of inheritance melted away the difference between physical goods and digital assets. The Digital Assets Act has been immediately enacted in Delaware, and in 2015 it has been introduced in next 26 States (e.g. Florida, Illinois, South Carolina, Texas, Virginia, and Washington)⁶⁹.

The Digital Assets Act established the rights of personal representatives, conservators, agents acting pursuant to a power of attorney, and trustees to access the deceased’s digital assets. Each from the listed above, is the subject to different rules and gains the access to diverse extent (sec. 4 – 7of Digital Assets Act). For instance, according to sec. 4 of Digital Assets Act, a personal representative of the deceased has the right to access (1) the content of an electronic communication that the custodian is permitted to disclose under the Electronic Communications Privacy Act⁷⁰, (2) any catalogue of electronic communications sent or received by the deceased person, and (3) any other digital assets in which at death the deceased had a right or interest.⁷¹ Nevertheless, such right to access digital assets may be limited by the court order or the last will. Except the deceased expressed otherwise in the last will or the situation is differently regulated by applicable law, the personal representative has the broadest entitlement to access digital assets. On the contrary, the conservator access digital assets only pursuant to a court order⁷².

The Digital Assets Act does not only regulate who and to what extent would get the access to digital assets, but also describes, in sec. 8, what the heir (fiduciary) can do with digital assets. There are four important principles introduced.

Firstly, the heir (fiduciary) becomes the same authority as the account’s holder (all rights but also duties and obligations) i.a. «(1) subject to the terms-of-service agreement, copyright law, and other applicable law, may take any action concerning the assets to the extent of the account holder’s authority and the fiduciary’s power under the law (…), (2) has, for the purpose of applicable electronic privacy laws, the lawful consent of the account holder for the custodian to divulge the content of an electronic communication to the fiduciary; and (3) is, for purpose of applicable computer-fraud and unauthorized-computer-access laws, (…), an authorized user»⁷³.

Secondly, the service provider, acting according to the Digital Assets Act, may not prevent the fiduciary from access and introduce the T&C which limits such right or give to users only an affirmative choice. Such provisions are «(1) void as against the strong public policy of the state and (2) the fiduciary’s access to a digital asset does not violate the terms-of-service agreement even if the agreement requires notice of a change in the account holder’s status»⁷⁴.

Thirdly, Digital Assets Act clearly states, that there is no place for any choice-of-law provision in T&C and such provisions will be interpreted as unenforceable against a fiduciary, especially when chosen law will enforce a limitation on a fiduciary’s access to digital asset⁷⁵.

Finally, personal tangible things which have the storage capacity (phones, tablets, notebooks, pendrives, etc.) are inherited according to the succession law, however «the fiduciary with authority over the property of decedent (1) has the right to access the property and any digital asset stored in it, (2) is an authorized user for the purpose of any applicable computer-fraud and unauthorized-computer-access laws»⁷⁶.

The Digital Assets Act is a comprehensive and rational regulation, which tries to cover and balance all parties’ interest i.a. the deceased, heirs and service providers. It also ensures the transferability of digital assets, along with counterbalance some limitations preventing the post-mortem privacy, secrecy of the communication, computer-fraud and unauthorized-computer-access. Nevertheless, it has been already criticised for lack of methods to protect the privacy of deceased and heirs⁷⁷. It is not possible to entirely agree with Lee, that «decedents’ fiduciaries are given unnecessarily broad access to the private information of decedents and third parties contained in digital assets, particularly social networking and media content»⁷⁸. It is not possible to create and develop a new concept of post-mortem privacy only to use it as blocker in the discussion about transferability of digital assets. It need to be stated that in many cases, the principles of succession law shall privilege and overcome some of the privacy concerns, especially when such concerns are not articulated in relation to physical items (such as personal documents, printed results of medical examination or diaries). The Digital Assets Act solves some challenges and speculations in the area of succession and contract law, but it does not raise and discuss ownership and property issues.

The conclusion here would be that the Digital Assets Act is a first step towards the succession of digital assets, and countries that still have not recognised and solved this problem, especially the EU Member States and the EU as a whole, should follow the approach already existing in the U.S. in this field and take creation of similar act under consideration. It might be especially useful and comprehensive at the EU level due to the fact that such regulations would address the existing challenges and would not interfere with the national legal systems. It could be also the first step to harmonisation of the substantive succession law in Europe.

Taking into account the development of the Internet and other new technologies, succession of digital assets has become a serious challenge and legal issue; law should adapt to the recent changes then. The above analysis of the contractual obligations between users and the service providers, based on the Polish and German law as well as selected service provider’s terms and conditions, shows that such contractual obligations should be the part of succession and should pass on the heirs. Consequently, the heirs should be entitled to access digital assets possessed by the deceased.

Many of service providers recognised already the problem of digital assets’ succession themselves and they are developing non-legal procedures and conditions, which in some cases (Facebook, Google) are giving to the user some tools to execute the succession right. Nevertheless, lack of clear regulations related to the succession of digital assets, especially in the EU, leads to the uncertainty and self-regulation by the service providers unfavourable for users. Additionally, the terms and conditions suggested by service providers in many situations does not comply with the law.

Rapid and constant development of the Internet provokes also third parties and other intermediaries to interfere in user – service provider relations and to offer users their services related to succession of digital assets. One can observe that in many situations such services are not adapted to particular law system and are not in compliance with the service provider’s terms and conditions.

Tendency to self-regulate succession of digital assets in lieu of creation the general legal norms and standards may also become very dangerous in the end. The EU should follow the U.S. example and develop a legal framework for the succession of digital assets. It is too early to evaluate the effectiveness of the Digital Assets Act in the U.S., nevertheless it should be treated as a lead for European Commission and/or Member States national legislators.

---

 

Paweł Szulewski, ICT & IP Lawyer, PhD Candidate, University of Wroclaw, Research Center for Legal and Economic Issues of Electronic Communication (CBKE), LL.M. EULISP European Legal Informatics Study Programme (Hannover / Vienna), In-house lawyer at IT company, Researcher and Coach, pawel.szulewski@lawict.pl; follow me @lawICT.