There is much discussion of 'digital assets' these days but, when it comes to inheritance, there is no statutory definition of the term. It tends to mean things held otherwise than in a tangible sense, including:
- emails;
- photos; and
- social media accounts.
Like bank accounts, digital assets are often controlled by intermediaries. In the former case, this will be the bank; in the latter, an internet service provider (ISP).
When a person dies, their tangible assets (eg, jewellery, cash and cars) pass to their executors or administrators and are distributed in accordance with their will (or the laws of intestacy). Where necessary, intermediaries will demand a death certificate or grant of probate and then release the assets that they hold. Therefore, it is unsurprising that many people presume that their cloud-stored photos and other digital assets will pass to their spouse or children in the same way that a photo album might. Unfortunately, this is not always the case when ISPs are involved, and it is not always possible to ensure that a deceased's loved ones can access their digital assets.
Problems started to arise contemporaneously with the shift to digital storage of assets. After Justin Ellsworth, a 20-year-old marine, was killed in combat, his father sought access to his email account as it contained a pseudo-diary narrating his life. However, Yahoo! declared that it was contrary to its terms of service to release emails. It was not until Ellsworth's father obtained a court ruling in his favour that Yahoo! provided him with a CD of all email documents.
Those digital assets were purely sentimental, as were the photos of her daughter and late husband that Rachel Thompson sought from Apple in 2015. So too were the photos of Greek widower Nick Scandalios's late husband (further discussed below). In all three of these cases, the ISPs demanded a court order before they would release the photos.
The problem goes beyond the sentimental value of photos and emails. Previously, it has been easy to ascertain the extent of a deceased's assets by going through their papers. Today, someone may have numerous bank accounts or investments, the only evidence of which is in their email folders (particularly when the asset in question is a cryptocurrency). In addition, an individual may hold company documents in cloud storage, which is then blocked on their death. This could have wide-ranging and worrying consequences, particularly in the case of family businesses.
Why is it trickier to deal with digital assets?
More traditional assets, such as cars or bank accounts, are dealt with under long-established laws put in place to effect the transfer of property after death. Part of the issue here is that such laws do not extend to all types of digital asset and new laws have not been introduced to fill the gap. ISPs have not yet had the time (nor the inclination) to streamline the process of accessing assets after death. Each ISP has a different procedure which must be followed and different actions which must be taken before death (discussed below). It was not until 2018 that most high-street banks signed up to the death notification service, which allows personal representatives to notify more than one financial institution at a time of an individual's death. Given this, and the relatively inchoate nature of the digital world, it is unsurprising that streamlined processes are not yet in place.
It is not just the practicalities of notification which make dealing with digital assets more cumbersome, but also the attitude of the intermediary. Banks will accept the will, death certificate and grant of probate as adequate evidence of entitlement to the account, as will National Savings and Investments for premium bonds. In contrast, ISPs' behaviour suggests that they may be willing to accept only a court order. However, practical considerations aside, there are two arguments raised by ISPs: privacy and contracts.
Privacy
For any number of reasons, a deceased individual may not have wanted their spouse (or other relatives) to have access to their emails. Yet while it is necessary to remain sensitive to the wishes of the deceased or the reactions of beneficiaries, it is not for the intermediary or the executors to determine what is suitable for beneficiaries to receive.
There are also potential data protection concerns for ISPs with regard to allowing access to email accounts, particularly in light of the Cambridge Analytica scandal and other similar breaches. However, the EU General Data Protection Regulation (2016/679/EU) applies only to the data of living individuals, so it is not a valid argument with which to refuse access to the data of a deceased person. In addition, in 2018 the German Federal Supreme Court ruled that Facebook's contractual obligations to maintain confidentiality did not conflict with an heir's right to access. It ruled that confidentiality related to the account, rather than to the user personally. Therefore, Facebook could make the correspondence available to the user account (and consequently to the heirs) without breaching its confidentiality. It should be noted that this is a German ruling and does not form a precedent in the United Kingdom.
Terms and conditions
The terms and conditions of Apple's iCloud provide as follows:
Unless otherwise required by law, you agree that your Account is non-transferable and that any rights to your Apple ID or Content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all Content within your Account deleted.
Microsoft's service agreement prevents a user from "transfer[ring] your Microsoft account credentials to another user or entity". These provisions are not unique to those ISPs. This results in a frequent contradiction between the terms and conditions governing the relationship between an ISP and a user during life and the expectations of a user as to what will happen to their data on death – a conflict that can be resolved only by a court.
The case of Greek widower Nick Scandalios is interesting. The US court ruled that electronic communications would pass to the heirs only through a legitimate will and, as there was no legitimate will, the surviving spouse had no right to such communications. However, it also ruled that photos were not 'electronic communications' and so could pass even without a will. Accordingly, the court compelled Apple to release the photos to the widower. Scandalios is a US case and so of limited use in the United Kingdom. However, it does act as a litmus test to show the direction of thinking in terms of digital assets.
One suggestion for individuals made by many online will-writing software programs is to write down passwords in a list and give this to executors. This is highly inadvisable, not least because of the practicalities of keeping this updated. Further, it presents a real security risk, which executors are unlikely to want to take. Instead, it may be more secure to sign up to a password manager, a heavily encrypted software program which allows the secure storage of passwords and is accessible only via a long and complex password. This master password may be written down and stored in a safe place, perhaps with the individual's will. This still carries an element of risk as the password is no longer known only to the individual. However, it is significantly more secure than the first alternative.
In addition, until the government carries out a review on the operations of ISPs in relation to probate, users should follow the in-service recommendations from each ISP in order to streamline the process for executors and ensure that chosen beneficiaries receive the information that the deceased wanted them to have.
The terms and conditions of many ISPs promise nothing after a user's death. Twitter will "work with a person authorized to act on behalf of the user". Apple states in its terms and conditions of service that upon receipt of a death certificate "your Account may be terminated and all Content within your Account deleted" and that "any rights to your Apple ID or Content with your Account terminate upon your death".
Some ISPs have created their own post-death processes. Often, a user may nominate an individual who will have limited access to their data after their death. However, not all ISPs make such a provision and many simply offer an email address for executors to contact if they wish to access the data of the deceased.
To make things as easy as possible for executors, individuals may wish to review their digital assets (eg, email accounts, cloud storage and social media) and follow each ISP's in-service provisions dealing with the situation following a user's death. Where ISPs do not provide for access to data after death, it may be necessary to consider retaining hard copies of vital information.
As time passes, this problem will only get bigger. However, it does not seem to have been a priority for the government up to now, and will need to become a focus once the COVID-19 crisis has passed. Until the government introduces legislation to regulate the procedures of ISPs regarding a user's data following their death, it is for the individual and their legal advisers to ensure that suitable planning is undertaken.
It is important for individuals to perform a regular health check of all of their assets, digital and otherwise, to consider what they want to happen to them after their death and seek advice if they are unsure. Where this does not occur, the executor's job becomes significantly more challenging. It is recommended that wills – and both tangible and intangible assets – are regularly reviewed.
