In Posthumous Privacy, Decedent Intent, and Post-Mortem Access to Digital Assets, Alberto B. Lopez discusses a distinctly modern problem: how much access should a personal representative have to decedent online accounts? Surprisingly few states have addressed this important question, although there is a recent flurry of proposals. Lopez argues that the legislative debate has failed to account for the decedent’s privacy interest and has mostly ignored decedent intent, the lodestar of estates and trusts law. He concludes that when decedent privacy and intent are properly “included in the legislative balance,” policies will lean “toward non-disclosure for individuals who die intestate and toward disclosure if the testator has instructed [by will] that account contents be available.” (P. 242.) While I would ultimately permit more access than Lopez recommends, his article is a must-read because it highlights an important estate planning problem and makes the reader ponder the appropriate scope of post-mortem privacy.
Digital accounts contain a plethora of information: photographs and other individual memories, email correspondence, entertainment files, individual work product, career information, financial data, and on and on and on. Some of this information makes the job of administrating an estate easier; some of it has subjective value to the decedent’s survivors; and some of it may even have actual market value.
Legislation defining a personal representative’s right of access is important because few decedents leave behind a list of accounts and the corresponding passwords. In the absence of a password, personal representatives cannot access an account without help from the service provider—Google, Facebook, or whomever. When asked for help, companies turn to their service agreements. As Lopez documents, these agreements are decidedly unfriendly towards personal representatives seeking access. Lopez’s article is filled with examples of family members litigating with tech companies over access to online accounts, including a father trying to determine whether his daughter left behind any unfinished literary works and a mother trying to access her son’s Facebook page after he was killed in a motorcycle accident.
Lopez describes the issue of access as “a tug-of-war between two basic principles—property rights versus the right to privacy.” (P. 202.) For those seeking access, “the information in the online account is property owned by the account user to be distributed at the user’s death.” (P. 202.) From the perspective of the online service provider, however, “whatever property rights a decedent may have in the contents of an account are trumped by the provider’s commitment to the privacy interest of its users.” (P. 202.)
Lopez carefully reviews the various legislative proposals and explains how they reflect either the property or privacy perspective or try to bridge the gap between the two. On the property side of the spectrum, for example, is a model law that “vest[s] fiduciaries with the authority to access, control, or copy digital assets and accounts.” (Pp. 203-204.) On the other side of the spectrum is a bill which requires personal representatives to obtain a court order before accessing online accounts and then narrowly defines the circumstances in which a court can grant such an order. Proposals that seek a Goldilocks compromise acknowledge that digital accounts are decedent property, but nonetheless restrict access by personal representatives on privacy grounds.
Lopez argues that debate over these proposals falls short in two ways. First, it does not adequately consider the decedent’s own privacy interest in account information. Instead, the debate focuses on the privacy of third parties whose information is tangled up with the decedent’s and might be revealed to the personal representative. Second, the debate has largely ignored decedent intent; that is, no one is focused on whether decedents would want their personal representatives to have broad access to digital accounts. (P. 229.) The combination of decedent privacy and intent lead Lopez to favor broad restrictions on a personal representative’s access to digital accounts, unless a decedent has a will that specifically grants access.
Lopez acknowledges that the common law does not recognize a post-mortem privacy interest. But he argues that misinterpretation, possible harm from disclosure, and collective action problems create the need for such a privacy interest, at least in the context of online accounts. (P. 227.) Lopez emphasizes the pitfalls of electronic communication, particularly how tone and meaning can be misunderstood. A living person can explain what is in an online account and minimize misinterpretations, but a decedent cannot. (Pp. 225-26.) Because digital accounts also contain both “sent” and “received” messages and material that is “co-constructed,” some people may suffer unintended harm “if privacy is not preserved at death.” (P. 228.) Although in extreme cases a survivor may take legal action to protect information in the decedent’s account, the more likely scenario is collective harm to multiple survivors, but with no single survivor experiencing enough harm to incentivize action. Lopez argues that these problems may warrant “a firewall” around a decedent’s online accounts.
Consistent with estates and trusts doctrine, Lopez writes that the central question is whether the decedent “intended to have the contents of online accounts remain private after death.” (P. 219.) If the decedent has a will that speaks to access, then the will should control. But most decedents die intestate or with wills that are silent about online accounts. Lopez cites survey data showing that 70% of respondents favored post mortem privacy, although he acknowledges methodological shortcomings in the survey instrument. Beyond survey data, however, the practical reality is that personal representatives are likely a decedent’s spouse or other very close relative. Lopez notes the strong possibility that “private communications stored in a decedent’s online account contain private information about the very person who will be given access to the account,” some of which may be particularly hurtful or that the decedent never intended to be seen. (P. 233) Lopez argues that these “mechanics of probate” suggest that decedents would prefer “a default rule of nondisclosure or very limited access.” (P. 233.)
Despite Lopez’s careful arguments, the pondering he prompted leads me to favor broader access for personal representatives than Lopez would prefer. For me, the issue of post-mortem privacy is inextricably linked to the reasonable expectations of the decedent and those tangled up in the decedent’s online accounts. In the age of Sony emails and pictures of a naked Jennifer Lawrence on iCloud, I question how the living, much less the dead, can have reasonable expectations of online privacy. Even beyond the possibility of cyber attack, sharing information with even one person always risks exposure. Beware the screenshot function on the iPhone or the “forward” command in Outlook; everything is one click away from being shared. Moreover, death is a mercilessly unprivate affair—from what happens to the body, to the cleaning out of one’s dwelling, to the public probate process. As for intent, I suspect that most decedents’ online life is a mixed bag, with some content they would prefer remain private and other content they would like their survivors to have. I worry more about what would be lost with restricted access than what would be revealed. Our online lives are vast closets, with a durability and magnitude far beyond what any hoarder could achieve in the physical world. But even though I would open the door wider than Lopez, I commend him for a painstakingly well-researched article that draws attention to an important estate planning issue and forces readers to consider whether dead head control should extend into the digital world.