What happens to your on-line persona when you die? Until recently, this never occurred to me; if I am thinking about my demise, I think of more prosaic things like what will happen to my McCoy potterycollection. But, at a recent college reunion I talked to a classmate, Cynthia McNicholas, about her practice as a trusts and estates lawyer in suburban Philadelphia. She counsels individuals about estate planning, powers of attorney, wills, probate, guardianships, and related real estate issues. She doesn’t see much e-discovery in her practice, but we found common ground on the subject of social media content. When I expressed interest in the subject of what happens to social media content post mortem, Cyndi put me in touch with Trisha Hall, a trusts and estates practitioner at Bayard P.A. in Delaware and southeastern Pennsylvania and frequent speaker, who shared valuable research materials with me.
A New Issue for Estate Planning
Increasingly, clients seeking trusts and estates counseling have an on-line presence—email accounts such as Yahoo! and Gmail, photo site memberships such as Flickr and Picasa, and social media memberships such as LinkedIn and Facebook. Clients now express concern about those accounts and how they live on after death; for example, that individuals may post on their Facebook pages, or that ads may appear that the client would not approve of and would normally delete; in essence, that after death the individual has no control over what appears on the site. There is even a possibility that post-mortem content added by someone else could cause, contribute to, or become part of litigation, necessitating the collection of content as part of the eDiscovery process. There is a developing demand for lawyers who counsel about and draft powers of attorney (POAs) and wills to help clients control these accounts and memberships by providing for action to be taken post mortem.
The following is an example of a POA clause prepared by Ms. Hall that addresses these concerns. It empowers the holder of the POA:
(23) to access, use, control, modify, delete and transfer digital devices (e.g., computers, tablets, peripherals, storage devices, mobile telephones, smartphones, etc.), digital assets (e.g., music, photographs, licenses, videos, currency, etc.), and digital accounts (e.g., email accounts, social media accounts, file sharing accounts, financial accounts, etc.) which I may own or have a license to use, now or in the future…
A POA operates during a person’s lifetime and the authority terminates at their death. For post mortemcontrol, a similar power granted to an executor is included in the client’s will.
Do statutes or other sources prohibit or inhibit a third party from accessing these online assets? Federal laws such as Graham Leach Bliley and state privacy laws may make it illegal, or even a crime, to access online assets without authority. To date, state statutes or pending legislation primarily address access to social networking and email accounts, but not other types of accounts. In addition, they typically only address access by authorized representatives after death, and not upon incapacity.
Google has addressed this issue in an orderly fashion:
Accessing a deceased person’s mail
If an individual has passed away and you need access to the contents of his or her email account, in rare cases we may be able to provide the Gmail account content to an authorized representative of the deceased user. We extend our condolences and appreciate your patience and understanding throughout this process.
At Google, we’re keenly aware of the trust users place in us, and we take our responsibility to protect the privacy of people who use Google services very seriously. Any decision to provide the contents of adeceased user’s email will be made only after a careful review, and the application to obtain email content is a lengthy process. Before you begin, please understand that Google may be unable to provide the Gmail account content, and sending a request or filing the required documentation does not guarantee that we will be able to assist you.
Google then requires a two-step process by which a person provides documentation and information to Google. Access is still not guaranteed. In addition, Google now has an Inactive Account Manager service that allows a user to have someone access content after a period of inactivity and attempts to contact the user, on terms defined by the user.
Facebook’s terms say:
Facebook users provide their real names and information, and we need your help to keep it that way. Here are some commitments you make to us relating to registering and maintaining the security of your account:
8. You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
9. You will not transfer your account (including any Page or application you administer) to anyone without first getting our written permission.
Note that the language used is soft—the user is “making a commitment”—and no consequences are listed for actions inconsistent with these “commitments”—in fact, what could the consequences be? And what is the status of a POA holder in the context of accessing an account? If the POA holder stands in the shoes of the grantor of the POA, isn’t it, as a legal matter, as though the member herself is accessing or deleting the account? What about #9, transferring the account? This may be a little more straightforward—the grantor of a POA can give the POA holder the ability to manage an account in any way, and the ability to do this is secured through permission from the social media site.