DOVER, Del. - When Donna Johnson’s father died suddenly of a massive heart attack, her mother tried to get access to his email account and digital photo repository. She wanted to pay bills and make sure that treasured family photos remained intact.
Even though she was executor of his will, his widow was stunned to learn that in her state — as in many others — she had no legal right to access his online accounts.
“This caused a lot of emotional wear and tear on my mother. The whole situation was extremely traumatic, and this was just one more thing she had to deal with,” said Johnson, 43, who is executive director of the Delaware State Board of Education.
Johnson eventually reached out to a state legislator she knew, and last month, the Delaware Legislature passed a bill that would grant executors and other fiduciaries access to a dead person’s digital information. It is awaiting action by Democratic Gov. Jack Markell.
If the bill is signed into law, Delaware would join at least eight other states in enacting legislation dealing with digital assets.
The laws run the gamut from requiring Internet providers to give an executor access to all contents of a dead person’s email to granting the personal representative of someone who dies the power to terminate his social media accounts. At least 10 other states considered digital assets legislation this year.
“This is one of those issues where the law has not kept up with these new technologies and accounts that have been created,” said Pam Greenberg, a senior fellow at the National Conference of State Legislatures. “I’m sure we’ll see additional legislation in this area.”
While a growing number of states are passing digital estate laws, many in the tech industry have been fighting back, citing concerns about privacy and liability.
Lobbyists for some of the nation’s largest tech companies tried to kill the Delaware bill, which deems digital assets such as email, social media, photos and financial management accounts part of a person’s estate upon death. Executors or trustees would be given the same control over those assets as they have with physical assets, such as safety deposit boxes and stock certificates, unless the person stipulates in his will that he does not want that information released or gives other specific instructions.
Guardians of people who become incapacitated also could gain access to digital assets, but they would need a court order.
If the Delaware measure becomes law, it would supersede any “terms of service” agreements that users have with Internet and social media providers. However, if a person specifies in a separate online tool, such as Google’s “inactive account manager” that he wants emails deleted or transferred to a particular person after a period of inactivity, that would take precedence.
“We put in provisions that prohibit the tech companies from making the choice for you. They can’t, in their service agreement, say that upon your death, we’re going to delete your account,” said Democratic state Rep. Darryl Scott, who co-sponsored the legislation and worked with the state’s bar association to get it passed. “We were trying to restore control to the family to make those decisions, just as they do with many other things, like journals and letters and safety deposit boxes.”
Delaware’s bill is similar to a model law endorsed last month by the Uniform Law Commission, a nonprofit organization of lawyers, including legislators and judges, appointed by each state government. The group researches and drafts standardized state laws that can then be considered by legislatures. Benjamin Orzeske, the commission’s legislative counsel, said the group spent two years working on the digital assets proposal, and he thinks it will be introduced in about a dozen states next year. “This law isn’t changing the level of privacy,” Orzeske said. “It’s just making it media neutral, whether it’s on paper or online.”
But some in the technology industry warn that the model law and the Delaware bill remove users’ privacy protections.
“What happens to digital accounts when you die is an issue of great concern to our members because they are the custodians. They are concerned about creating a safe and secure environment for our users,” said Carl Szabo, policy counsel for NetChoice, a trade association whose members include AOL, Yahoo, Facebook and Google.
Online providers also worry about liability, especially if an email contains information about a third party.
“If somebody died who’s a drug counselor or psychiatrist or doctor, they’re likely to have a lot of stuff in their email from patients, which is quite confidential,” said Jim Halpert, an attorney for DLA Piper who represents a coalition of 21 technology and media companies. “Under these bills, the fiduciary gets everything. They could turn around and file a very costly class action lawsuit against the service provider.” Orzeske, of the Uniform Law Commission, disputes that scenario. He said that before the Internet age, doctors and drug counselors kept files with confidential information that could be accessed by a fiduciary if they died. Any fiduciary who released confidential information about a patient would bear the liability, Orzeske said.
“If the executor of a doctor’s estate needed to get into his office and shred files or give them to the doctor’s business partner, they’d have to get into his office, and they’d have access to confidential records,” Orzeske said. “If the building custodian lets them into the office, he isn’t the one who is liable. The fiduciary is.” The tech industry also argues that this type of legislation is in direct conflict with the 1986 federal Electronic Communications Privacy Act, which prohibits custodians of digital assets from releasing them to a third party without the sender’s or receiver’s permission or a court order.
“Not only is it a privacy issue, but the federal law prohibits us from disclosing that information without consent. The act of dying is not equal to consent,” Szabo said. “We’re not only liable to the sender and recipient but anyone harmed or grieved by that disclosure.”