By Karen J. Kiley, Clinical Fellow, Speech, Privacy, & Technology Project, ACLU
Modern technology makes our lives more convenient, and our deaths more complicated. Today when we die we leave behind not just physical belongings but also a vast amount of electronic “belongings.” Photos are no longer printed in an album on a shelf; but uploaded and shared. Diaries are not handwritten journals anymore; but a series of blogs or tweets. Salacious love letters aren’t penned on paper and burned or thrown away; but sent via email or text where fleeting feelings can be preserved forever.
The question of how to handle this digital data is a complicated one — but could have huge implications for internet privacy. Several states are currently considering ‘digital estate’ laws that will leave your private data exposed after your death. However, a few internet companies are making it possible for you to decide for yourself what happens to your digital data when you die. Facebook is the latest company to create an easy way to do that.
This all may seem silly at first blush. Do we really need control of our Facebook wall from beyond the grave? But it’s not the choice between memorializing or deleting the account that is important. Rather, it’s about having the choice at all. Without it, everything you’ve ever uploaded or posted online is at risk of being viewed and potentially distributed — the moment you die. That’s bad news not just for you, but for any third party you’ve ever communicated with online.
Most people do not expect their internet privacy to end when they die. But under the rules being proposed in several states, the executor of an estate (a person either appointed in a will or chosen by the court — often a relative) would be given full access to all of the deceased person’s online accounts. Every iMessage chat with friends. Every inappropriate inside joke email. Every racy love letter. Every scorned suitor on your dating profile. Every embarrassing photo buried in the Cloud. Every bank statement, medical record, support group or spiritual guidance. Every single thing ever sent, received, or stored electronically — potentially spanning decades — would be made available to the executor, even if the digital account has no fiscal value and isn’t necessary to close the deceased’s estate.
This approach is dead wrong — and could change the way we use the internet. Most people do not edit their online lives. Password-protected accounts and unlimited storage space eliminate the need to actively cull and permanently delete information. For example, an email address may hold millions of old messages, whereas a house may hold only a handful of similar letters sent through postal mail. And the level of privacy provided to the deceased directly impacts the expectations of the living; if we expect our online communications to remain private tomorrow, we can freely express ourselves today. Without this future guarantee, we may choose to self-censor out of fear that others will later see our intimate speech. Allowing a third party to have unfettered access to this digital information puts an expiration date on our privacy.
The ACLU has joined with other organizations in lobbying against these bills in many states. And there is an alternative legislative proposal sponsored by the tech industry that offers much stronger privacy protections, which is a better option for a default rule for digital personal effects.
The problem is, any default bill is at heart a one-size-fits-all solution that cannot take into account personal preferences for what should happen to your digital information at death.
So what is a digital citizen to do in the face of this situation? Fortunately, some of the biggest digital companies are starting to give their users a way to set a preference for how their digital estates are handled. Facebook recently created a new Legacy contact function, and Google previously launched a similar feature called Inactive Account Manager. These represent a bold step in consumer choice. Death is not easy to talk about, and it is no surprise that most internet companies do not want to constantly remind their users about their impending mortality. But such settings are critical because it gives users the power to decide what happens to their accounts after their death. In Facebook's Legacy Contact setting, for example, users can choose to delete their account when they die, or let someone manage their ‘memorial’ page by designating a person to accept friendships on their behalf, post messages, or download content.
Without such a setting, the only way to protect your privacy is by creating a digital will. Most people don’t have wills, and the vast majority of those who do haven’t discussed how it would apply to online speech and assets. People shouldn’t have to hire a lawyer to get out from under these proposed state default rules that don’t protect their privacy. Privacy shouldn’t be a luxury for the highest bidder.
That’s why more companies should follow Google and Facebook’s lead and offer this feature to their users. And they should do so now, before states pass these well-intentioned but misguided laws that would take those choices away from individual users. Take advantage of these settings! And demand other internet companies offer a similar choice.