Privacy in Death: Conserving your Power in Legacy

Gabriel Siwady-Kattan

 

Introduction

Throughout our lives, we store everything online. This means that not only can a person keep physical assets in a bank; they can also have digital assets available online for access and distribution. Who should be able to access those assets when we die? The IRS defines a digital asset as “a digital representation of value recorded on a cryptographically secure distributed ledger or similar technology” and names as examples convertible virtual currency and cryptocurrency, stablecoins, and Non-Fungible Tokens (NFTs).^[1] The IRS further elaborates that “[i]f a particular asset has characteristics of a digital asset, [then] it’s treated as one for federal income tax purposes.”^[2] Beyond digital assets that have a financial component to them, however, are also images, videos, digital documents, and electronically-stored music. These could be held by any person, and in our modern age, most people have an account where their digital information is stored, whether in an Apple, Google, Facebook, or Instagram account. The existence of digital assets has brought many issues, including how to deal with the distribution of digital assets at the time of death.

To deal with this issue, the Uniform Law Commission (ULC) drafted the Uniform Fiduciary Access to Digital Access Act (hereinafter referred to as the Digital Assets Act).^[3] This Act essentially treated digital assets as it would any other kind of traditional property a person held at the time of their death.[4] This meant that an executor had near unsupervised power to access, manage, and distribute a decedent’s digital assets.^[5] Under the Digital Assets Act, an executor had the same access to digital assets as an owner had at the time of their death.^[6]

Naturally, this “open-access approach” could raise personal privacy concerns. What if, in the process of getting a decedent’s affairs in order, an executor came across communications with a third party? What if that communication shed light on an unknown aspect of the deceased’s life? What if that communication was meant to remain confidential? And what about that third party’s identity?

On top of these personal privacy concerns, the Digital Assets Act’s provisions were contrary to some tech companies’ terms of use agreements. For example, tech companies have their own ways of managing the content on their platform, and often control or limit the agency a user or consumer might have over their own communications. To this end, tech companies almost always require users to agree to a terms of use agreement, which typically includes provisions on how and to whom data may be shared.

Thus, by requiring tech companies to disclose all the communications and data stored in a user’s account upon request of an executor, the normal administration of estates effectively went against the agreements that had been signed by the decedent. All these privacy concerns led to the UCL revising the Digital Assets Act and creating a new version – the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) – to include more safeguards and place limitations on how digital assets and communications could be accessed and distributed by executors, lawyers, and fiduciaries.[7]

RUFADAA was adopted to create a more uniform system for the disclosure and management of digital assets and information.[8] However, it has left a lot to interpretation by the courts and could be further streamlined by adopting a bright line approach which points tech users to use available “legacy tools.” This paper illustrates cases showing how the Revised Digital Assets Act can be used as an interpretative tool by the Courts and how such interpretation can lead to significant privacy concerns. Specifically, I suggest that courts should employ a presumption of non-disclosure that can be overcome only in limited circumstances. At the same time, I give weight to the argument that this presumption might simply be too much to ask.  Compelling or mandating that individuals must provide consent in writing to the access of their digital assets after their death might deprive their heirs from receiving valuable digital assets or family memories. Having unrestricted access, however, could result in the breach of a decedent’s privacy and expose details that were meant to remain private and personal. A decedent should have a say in their personal privacy, even after death.

Background

RUFADAA was designed to deal with the issues the first iteration of the Digital Assets Act raised.[9] The Revised Digital Assets Act was adopted verbatim in almost all states, with only a couple of states still yet to adopt the Act.[10] This new version of the law still provides fiduciaries (such as executors and attorneys) an instrument to manage the digital assets of decedents,^[11] but with more safeguards to address the privacy concerns raised by individual persons and tech companies.[12]

Specific Provisions: Requirements for Access to Assets and Safeguards

RUFADAA defines a “digital asset” as an “electronic record in which an individual has a right or interest,” but this definition excludes the “underlying asset or liability unless the asset or liability is itself an electronic record.”^[13]  In Maine, when disclosing a decedent’s digital assets, a custodian may grant full access to the user’s account to a fiduciary or designated recipient, or grant partial access sufficient for the fiduciary or designated recipient to perform their tasks, or provide a copy of any digital asset that the user could have accessed if they were alive at the time of the request.^[14]

Moreover, Maine’s version of the Act specifies that “[a] custodian may assess a reasonable administrative charge for the cost of disclosing digital assets under this Act” and that a “custodian need not disclose under this Act a digital asset deleted by a user.”^[15] Finally, there are some safeguards that protect the contents of these assets as well as its administrators and custodians. For example, the Maine statute says that if a user instructs or a fiduciary asks a custodian to disclose only some of the user’s digital assets under the Act, the custodian is not required to do so if separating the assets would be too burdensome. If the custodian believes the request is too burdensome, they or the fiduciary can ask the court for an order to: (a) Disclose a subset of the user’s digital assets limited by date; (b) Disclose all of the user’s digital assets to the fiduciary or designated recipient; (c) Disclose none of the user’s digital assets; or (d) Disclose all of the user’s digital assets to the court for in-camera review.^[16]

In Maine, §10-107 of the Act governs the disclosure of electronic communications of deceased users, with some added procedural safeguards.^[17] This section says that if a deceased user consented to or a court orders the disclosure of their electronic communications, the custodian must provide the content to the personal representative of the user’s estate. The representative must supply: a written request for disclosure, a copy of the user’s death certificate, and a copy of the letters of appointment or court order. If no online tool was used by the user, the representative must supply a copy of the user’s will, trust, power of attorney, or other record showing consent, along with any additional information requested by the custodian.^[18]

The statute also specifies that, if requested by the custodian, the above-mentioned information can include a number, username, address or other unique subscriber or account identifier assigned by the custodian to identify the user’s account linking the account to the user.[19] Alternatively, the court may determine that: (1) the user had a specific account with the custodian; (2) that disclosing the user’s electronic communications does not violate relevant U.S. laws (such as 18 U.S.C. § 2701 et seq and 47 U.S.C. § 222); (3) the user consented to the disclosure, unless they provided different instructions using an online tool; or (4) that disclosure is reasonably necessary for the administration of the estate.^[20] 

Case Law

Cases decided under the Revised Digital Assets Act’s guidance focus on balancing the privacy of the decedent and the rights of access articulated by beneficiaries, executors, and family members. These cases have aimed to resolve the ambiguities in the Act or rely upon a combination of language in the Act itself and other state statutes that govern digital assets. In most cases, there is a situation where representatives, such as executors or fiduciaries, are attempting to access a decedent’s digital assets and necessitate the court’s involvement to resolve the issue through a fact-finding inquiry.

Ajemian v. Yahoo!, Inc.

Ajemian provides context for the factors courts weigh when cases concerning digital assets and a decedent’s privacy interests come before them. While the Act in question in this case was the Stored Communications Act (SCA), the court’s balancing is analogous to the statutory requirements required by the Revised Digital Assets Act. In this case, personal representatives of an estate sought access to a decedent’s Yahoo! email account.^[21] The decedent had no will and left no instructions about the account.^[22] When estate representatives requested access to the account, Yahoo refused access and cited the Stored Communications Act (SCA) and its own terms of service, which it claimed allowed the denial of access and even the deletion of the account’s contents.^[23] The main issue before the court was to decide whether the SCA barred Yahoo from disclosing the email contents to the estate’s representatives.^[24] Yahoo argued that its terms of service agreement, which users consent to when using an account, gave it the right to refuse access.^[25] However, the court found no evidence of a “meeting of the minds” regarding the terms of service, and therefore, that there was no valid agreement.^[26] Ultimately, the court ruled that the SCA did not prevent Yahoo from voluntarily disclosing the email contents to the estate’s representatives.^[27] In discussing congressional intent in enacting the SCA, the court wrote that

[t]o construe lawful consent as being limited to actual consent, thereby preventing personal representatives from gaining access to a decedent’s stored communications, would significantly curtail the ability of personal representatives to perform their duties under State probate and common law. Most significantly, this interpretation would result in the creation of a class of digital assets — stored communications — that could not be marshalled. Moreover, since e-mail accounts often contain billing and other financial information, which was once readily available in paper form, an inability to access e-mail accounts could interfere with the management of a decedent’s estate.^[28]

This case highlights the balance between an estate’s interest in a decedent’s digital content and the terms of service agreements imposed by tech companies, which preclude other users from accessing the account. It is this balance that courts weigh when a case implicating the Revised Digital Assets Act comes before them.

Estate of Sweezey (New York)

In this case, an executor sought access to a decedent’s particular photographs stored in an Apple account.^[29] The decedent, who died unexpectedly in 2017, was an avid photographer.^[30] The petitioner believed the photos were stored in the Apple account and sought a court order for access. The court noted that the decedent’s will did not explicitly authorize access to digital assets, and there was no proof of the decedent using any online tool to grant such access.^[31] However, the petitioner claimed implicit consent based on their shared use of digital assets.^[32] The petitioner also spoke about how he and the decedent often viewed the photos together on the decedent’s computer.^[33] Petitioner added that, had the decedent not died unexpectedly, they would have transferred the photographs to petitioner’s Apple account as they had intended to.^[34]

In its analysis, the court distinguished between regular digital assets and electronic communications, noting that “this distinction is significant in that disclosure of electronic communications, unlike disclosure of other digital assets, requires proof of a user’s consent or a court order.”^[35] Here, the court ruled that the photographs were not electronic communications and ordered Apple to disclose them.^[36] This case underscores the need for clear provisions regarding digital assets in estate planning, specifying what provisions would apply to regular digital assets and electronic communications and how such could be treated differently when it comes to disclosure.

Holland v. Signal Fin. Credit Union (Maryland)

In this case, the issue was whether Mr. Holland, executor of Evelyn Holland’s estate, was entitled to access her digital assets without a written request and proof of authorization, as required by Maryland’s version of the Revised Digital Assets Act.^[37] The tech company against whom the petitioner sued was Signal, the secure messaging application. Mr. Holland only made oral requests and argued that Signal’s refusal violated the Act and caused him harm by denying access to account statements.^[38] Signal contended they were not obligated to grant access without written proof of authorization.^[39]

Mr. Holland admitted he had no written authorization from the decedent and had not made a written request.^[40] He claimed the decedent’s will and the statute authorized his access, but the court found no evidence supporting this.^[41] The court emphasized that Maryland law requires a written request and proof of the decedent’s authorization for digital access, stating that “a fiduciary is only entitled to digital access of a decedent’s bank accounts if they present certain evidence that the decedent wished for them to have such access.”^[42] Since Mr. Holland failed to meet these requirements, the court ruled in favor of Signal, concluding they rightly denied his oral requests.^[43] This case shows an example of a court requiring explicit, written proof that authorizes access to a decedent’s digital assets in accordance with their state law mirroring the Revised Digital Assets Act.

Matter of Serrano (New York)

In this case, the petitioner sought access to his deceased spouse’s Google email, contacts, and calendar information to “inform friends of the passing” and to “close any unfinished business.”^[44] Google required a court order confirming that disclosure would not violate laws such as the Electronic Communications Privacy Act.^[45] The issue was whether Google must disclose a catalog of electronic communications (excluding content) to the estate’s representative upon receiving a written request, death certificate, and fiduciary appointment.[46]

The court reasoned that under Article 13-A of the Estates, Powers and Trusts Law, modeled after the Revised Uniform Fiduciary Access to Digital Assets Act, Google had to disclose the information requested if the petitioner presented to them the written request, death certificate, and fiduciary appointment.^[47] The court also clarified that “[a] deceased user’s calendar  kept electronically is . . . a digital asset that does not include ‘content of electronic communications,’ and, therefore, must be disclosed to a personal representative by a custodian of such a record pursuant to EPTL 13-A-3.2.”^[48] Thus, the petitioner, as voluntary administrator, had the authority to request  Google to disclose the contacts and calendar information.^[49] The court found that the petitioner met the statutory requirements and that disclosure was necessary for estate administration.^[50] The court issued a certificate authorizing the petitioner to request this information.^[51] However, the request for email content disclosure was denied without prejudice, pending further application proving its necessity for estate administration.^[52]

Lessons and Recommendations from Case Law 

These cases illustrate the factors courts weigh when granting requests to access to a decedent’s digital assets. These factors include the explicit consent for access given by a decedent, whether access to the digital assets is necessary for the administration of the estate, the privacy interests and concerns of the decedent and any third parties who may be affected by the disclosure of the digital assets, and the type of digital asset left behind by a decedent. Although most states have adopted the Revised Digital Assets Act and so petitioners must follow the demands of this statute when seeking access to a decedent’s digital assets, there is still some uncertainty because so many factors are at play.

To deal with these uncertainties, users should be proactive about access decisions and technology companies should streamline the process of using their available legacy tools. For example, before creating an email account or a social media account, users should carefully read the terms of use agreements.  Another practice for technology companies to consider would be to create two separate boxes to check, one being the regular terms of use agreement that most companies currently require, and a separate box that gives notice regarding digital assets or access to electronic communications and content. To make such notice useful in practice, the contents of this second agreement would need to be clear and concise. At the same time, this segment of the second agreement should incorporate a simplified version of the procedures a user needs to follow to grant access to their accounts.

More practically, users should make sure to access the legacy tools already available through these accounts. For example, Facebook already has a way for users to designate a beneficiary, or to prevent access to their accounts by beneficiaries through the option of deletion upon death, through their “legacy contact” tool.^[53] Similarly, Google has a tool called the “Inactive Account Manager” tool, which permits “users to set preferences on the deletion or downloading of their data by either marking select data for deletion upon inactivity, or designating a trusted contact by phone number whom upon inactivity would receive notification and access to download the selected data.”^[54]

As it pertains to the role of estate attorneys, they should first help their clients develop a list of their digital assets and accounts. On top of that, the estate attorney can help integrate these digital assets in a will or writing and specify what person or group of people a client would want to grant access to their digital assets and accounts. The more specific the writing, the easier it will make it for a petitioner to gain access. The reason for this is that many companies place hurdles on someone gaining access to a user’s digital assets to protect their privacy. As seen above, some companies demand a court order before they can grant access. This privacy interest can be addressed if there is sufficient proof that access is what the decedent intended. The practical effect of this would be akin to a Health Proxy form, where a person can grant permission to others to make healthcare decisions for them.

With all this said, I suggest that the courts should employ a presumption of non-disclosure that can be overcome in limited circumstances where a petitioner’s request for access and the relevant interest at stake significantly outweighs the decedent’s privacy interest. For instance, this is what the court did in Holland because Maryland’s version of the Revised Digital Assets Act required a formal writing granting access. At the same time, I understand that this presumption might be too much to ask of a consumer who is not thinking about death and that some courts might be better off with their current approach, hearing cases as they come in and evaluating whether to disclose based on the facts before them.

Conclusion

As technology continues to shift and evolve, this area of the law becomes more muddled. This results in an unsatisfactory answer when it comes to making a clear-cut suggestion of what processes Congress and the courts should adopt when revising the law or interpreting it. Indeed, compelling users to leave everything in writing might deprive people seeking access from valuable digital assets such as family memories or financial assets. Having unrestricted access, however, could result in a breach of a decedent’s privacy and expose details that were meant to remain private and personal. A deceased should have a say in their legacy, and who can access, distribute, and manipulate it, even after death.

 

References

^[1] Digital Assets, Internal Revenue Service, https://www.irs.gov/businesses/small-businesses-self-employed/digital-assets (last visited Aug. 29, 2024).

^[2] Id.

^[3] Betsy Simmons Hannibal, The Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), NOLO, https://www.nolo.com/legal-encyclopedia/ufadaa.html (last visited Oct. 14, 2024).

[4] Id.

^[5] Id.

^[6] Id.

[7] Hannibal, supra note 3.

[8] § 51:6. Revised Uniform Fiduciary Access to Digital Assets Act, 1 Revocable Trusts 5th § 51:6

[9] What is RUFADAA: The Revised UFADAA Explained, Bequest.com (Nov. 21, 2023), https://bequest.com/blog/ufadaa-revised-what-is-rufadaa.

[10] Community Home, Uniform Law Commission, https://www.uniformlaws.org/committees/community-home?communitykey=f7237fc4-74c2-4728-81c6-b39a91ecdf22 (last visited Nov. 22, 2024).

^[11] Hannibal, supra note 3.

[12] Hannibal, supra note 3.

^[13] Revised Uniform Fiduciary Access to Digital Assets Act, Uniform Law Commission, § 2.10

^[14] Me. Rev. Stat. tit. 18-C, § 10-106.

^[15] Id.

^[16] Id.

^[17] Me. Rev. Stat. tit. 18-C, § 10-107.

^[18] Id.

[19] Id.

^[20] Id.

^[21] Ajemian v. Yahoo!, Inc., 84 N.E.3d 766 (2017).

^[22] Id. at 768.

^[23] Id.

^[24] Id. at 770.

^[25] Id. at 778-79.

^[26] Id. at 779.

^[27] Id. at 778.

^[28] Id. at 774-75.

^[29] Estate of Swezey, 2019 NYLJ LEXIS 135, at *1.

^[30] Id.

^[31] Id. at *2.

^[32] Id.

^[33] Id.

^[34] Id.

^[35] Id. at *3.

^[36] Id. at *3-*4.

^[37] Holland v. Signal Fin. Credit Union, No. TJS-22-2701, 2024 U.S. Dist. LEXIS 7365, at *4 (D. Md. Jan. 16, 2024).

^[38] Id. at *5.

^[39] Id. at *7.

^[40] Id. at *8.

^[41] Id.

^[42] Id. at *9.

^[43] Id. at*10.

^[44] Matter of Serrano, 2017 NY Slip Op 27200, ¶ 1, 56 Misc. 3d 497, 498.

^[45] Id.

[46] Id.

^[47] Id.

^[48] Id. at ¶ 3, at 566.

^[49] Id.

^[50] Matter of Serrano, 2017 NY Slip Op 27200, ¶ 3, 56 Misc. 3d 497, 498, 54 N.Y.S.3d 566.

^[51] Id.

^[52] Id.

^[53] Jared Walker, Comment, Return Of The UFADAA: How Texas and Other States’ Adoption ff the RUFADAA Can Change The Internet, 8 Tex. Tech Est. Plan. Comm. Prop. L.J. 577, 586 (2016).

^[54] Id.

 

I don’t think you need to cite here but elaborate. How do the Digital Asset Act’s provisions interfere with tech companies self-autonomy to manage content on their own platforms?