Empowering users to control who can see their online accounts.
As we increasingly use online services it becomes more important to consider our digital afterlife. Online service providers are working diligently to provide tools that empower their users to decide what happens to their privacy when they pass away. At the same time, online service providers want to ensure that fiduciaries have the access they need to digital assets to administer an estate.
Revised Uniform Fiduciary Access to Digital Assets Act (RUFADA)
What it Does:
Honors citizens’ explicit and implied privacy choices regarding their privacy afterlife.
The privacy expectations, express statements of wills, and settings of users remain when the user dies. Unauthorized fiduciaries may not read private communications – privacy choices in life continue in death.
Respects the implied privacy choices of people who corresponded with the deceased.
People expect service providers to respect agreements regarding privacy of communications – even when the other party to the communications dies.
Avoids improper disclosure of accounts.
To avoid disclosing the wrong information to the wrong people, or disclosing the information of jointly held accounts, this model requires a court to find the deceased held the requested account.
Complies with existing federal law – Electronic Communications Protection Act (ECPA).
ECPA creates privacy protections superior to state law. This model avoids violating federal law and instead operates within the limitations of ECPA to create a law that works.
Provides a clear path for fiduciaries to get access to information needed to handle the deceased’s estate.
Fiduciaries can see the banks, stock managers, and accountants with whom the deceased corresponded. This lets fiduciaries identify accounts for purposes of wrapping up the estate.
How it Works:
Accessing Records of Electronic Communications
The probate court can order copies of the records of the communications for the fiduciary. These records (like the To and From lines of an email) help fiduciaries identify important interactions, like those with a bank or online broker, and then contact those institutions as part of closing the account.
Accessing the Contents of Electronic Communications
Fiduciaries can see the contents of communications only when the deceased expressly allowed it in their will or through a setting within the product or service. If the deceased bequeathed these communications, service providers will comply subject to verification and indemnification processes.
Respecting User Choices
The deceased user chooses if and how their contents are accessed via user level controls and the terms of service they agreed to in life.
What is the Federal Electronic Communications Privacy Act (ECPA)?
The Electronic Communications Privacy Act (ECPA) is a federal law that establishes standards for access to private information transmitted and stored on the Internet, such as emails, photos, or direct messages.
What does ECPA do?
ECPA sets “Privacy On” by default. The Act requires every provider of electronic communications to obtain lawful consent before releasing the contents of communications. This consent can be provided by only:
- The originator of the electronic communication;
- The addressee; or
- The intended recipient.
Failure of an online service provider to obtain lawful consent can result in private lawsuits by any person aggrieved by the disclosure.
Why should we treat letters and emails differently when it comes to fiduciary access?
Stored communications, like emails and tweets, are significantly different from letters. Unlike letters, which require an affirmative step to store, emails and messages are stored by default, require several steps to delete, and involve a third-party custodian that has responsibility by federal law to protect the privacy of the communications.
Also, due to their immediate nature, users treat electronic communications more like voice communications than like letters – and thus should receive a greater degree of privacy protection than letters. Finally, if someone stores letters under their bed or in a closet, they can expect discovery of the letters when someone cleans their room when they die. They likely do not expect the same for their confidential online communications.
Why does UFADA (Revised) only allow access to records or contents subject to a will?
ECPA distinguishes between content and transactional information, such as who is the sender or the recipient of an email. This means fiduciaries can see with whom the decedent communicated, such as banks, real estate companies, etc., and then contact those entities on behalf of the estate to gain details about the account – all without accessing the private information of the decedent or other persons contained in the emails.
ECPA allows disclosure to fiduciaries with lawful consent – i.e. a will expressly granting the disclosure. But service providers expose themselves to civil liability resulting from improper disclosure. This is why a will and indemnification are needed for disclosure of contents.
What are the problems with a disclose everything approach?
The disclose everything by default approach considers only the fiduciary’s interests. It disregards the interests of the deceased, existing federal law, and it does not protect the communications of the people who corresponded with the deceased – including highly confidential communications (e.g. with doctors, psychiatrists, addiction counselors, and clergy).
Some flaws of this approach:
- Disregards the privacy interests of third parties and decedents by essentially creating a “show me everything” rule for whoever becomes the fiduciary.
- Allows fiduciaries to obtain unfettered access to communications that the decedent understood would be kept private, and it leaves many open questions that can only be resolved through litigation.
- Can sometimes require users to twice opt-in to protecting their privacy by consenting to a fiduciary’s access in both their online account and Unless users makes these affirmative choices, everything in their online accounts is disclosed.
- Puts businesses at odds in complying with federal or state law. States cannot override federal laws, nor can a state indemnify a business from legal liability under a federal law, unless the state is willing to accept the liability. So businesses must choose whether to follow state or federal law.
Americans Overwhelmingly Want To Control Personal Privacy Even After Death’
NetChoice-Commissioned Survey Finds More than 70 Percent of Americans Want Private Online Communications to Remain Private After They Die
Americans say that their right to privacy does not end when they take their last breath, and believe that maintaining the privacy of their electronic communications trumps giving access to family and heirs, according to a new poll conducted by Zogby Analytics for NetChoice.
More than 70 percent of Americans think that their private online communications and photos should remain private after they die – unless they gave prior consent for others to access. In addition, 70 percent also felt that the law should err on the side of privacy when someone dies without documenting their preference about how to handle their private communications and photos.
The poll findings conflict with the actions of estate attorneys, who are lobbying for legislation in many states that would give them new powers to access private communications of the deceased – even against express privacy choices the individual made while alive.
“It is clear that all Americans regardless of age groups or political leanings do not want their online privacy to end when they die,” said Steve DelBianco, executive director of NetChoice. “For nearly 30 years, federal law has prioritized the privacy of email and other electronic communications. Estate attorneys want to dismantle these privacy protections so they can more easily access and distribute your digital legacy”
Additional findings included:
- Over 70% of Americans say their private online communications and photos should remain private after they die, unless they gave prior consent for others to access.
- Only 15 percent believe that estate attorneys and executors should have the discretion to decide what happens to private communications when no prior consent was given.
- 65 percent of Americans say it violates their privacy if their private communications and photos are shared without their consent.
- Three out of four Americans say they would either make arrangements for friends and family to have access to private communications or didn’t want anyone to access them.
- Fewer than 10 percent would want to give consent for an estate attorney or executor to have full access to private communications.
The interactive survey of 1,012 adults was conducted on January 27, 2015 and has a margin of error of +/- 3.1 percentage points.