Traditionally, a person’s most valuable assets to be distributed upon death consisted of tangible items such as real property, cash, jewelry and personal effects of sentimental value like photographs and letters. However, the advent of the digital age has brought a shift from file cabinets, mailmen and photo albums to cloud storage, e-mail accounts and online photo streams. Today, virtually everyone has at least some assets that are not physical, but are stored as data and accessed via the Internet. “Digital assets” may include, for example, text messages, instant messaging accounts, e-mails, documents, audio or video images and sounds, social media content, health insurance records, source code, software, databases, online bank accounts, blogs, and the user names and passwords necessary to access online accounts, among other things. More specifically, consider a person’s PayPal or Venmo accounts, which might contain large sums of money, or Google, Yahoo, Facebook or Instagram accounts, which might contain letters, pictures, videos and other items of intrinsic value. The steady growth of most individuals’ online presence has given rise to a novel legal issue – authority over administering the digital assets and accounts of an account holder upon death or disability.
In July 2014, the Uniform Law Commission – a group of lawyers appointed by each state to help create standardized laws – released the Uniform Fiduciary Access to Digital Assets Act (the “UFADAA”), a model statute aimed at ensuring that account holders can retain control of their digital property and plan for its ultimate disposition after their death. Under the UFADAA, a fiduciary managing an individual’s tangible assets may also manage that person’s digital assets with the same right of access as the account holder himself, so long as the account holder did not otherwise prohibit such access by will, trust, or other legal document. The UFADAA provides that a fiduciary can gain access to, but not control of, a person’s digital accounts for the purpose of carrying out his fiduciary duties and remains subject to other laws, such as federal copyright and privacy laws. For example, an executor may access a decedent’s e-mail account to take inventory of estate assets, but may not publish the decedent’s confidential communications or make copies of or distribute copyrighted content from the account.
Under the UFADAA, if the company that controls or stores a person’s digital assets or accounts (the “operator”) has a terms of service agreement, privacy policy, end user license agreement or other analogous agreement with the account holder that limits a fiduciary’s access to the account holder’s digital assets or accounts without requiring affirmative action by the account holder, the relevant provisions will be void as against public policy. Although the UFADAA allows an account holder to knowingly and intentionally opt out of fiduciary access in such an agreement, boilerplate provisions cannot be used to override the model statute. To gain access to an account holder’s digital assets under the UFADAA, the fiduciary must send a request to the operator along with a certified copy of the document granting fiduciary authority (e.g., letter of appointment, court order, certification of trust). Operators receiving ostensibly valid requests for access are immune from liability for good faith compliance.
In August, Delaware became the first state to enact a law modeled after the UFADAA, with the passing of its Fiduciary Access to Digital Assets and Digital Accounts Act (the “Delaware Act”) set to become effective January 1, 2015. The Delaware Act provides that a fiduciary with authority over an account holder’s digital assets or accounts will have the same access as the account holder and defines “digital assets” and “digital accounts” broadly.
While some see the UFADAA and the Delaware Act as a welcome solution to the estate administration issue raised by the rise of digital property and electronic communications, industry groups have been quick to criticize this new legislation as encroaching on the privacy rights of the deceased or incapacitated, noting that online companies already have privacy tools in place to address the issue. In a recent blog post, Yahoo’s Senior Legal Director for Public Policy criticized the UFADAA for the “faulty presumption that the decedent would have wanted the trustee to have access to his or her communications” and for “set[ting] the privacy default at zero.” According to Yahoo, its terms of service was crafted with its users’ privacy in mind and the privacy of those who are party to sensitive e-mail communications. Yahoo’s terms of service provides, in relevant part:
No Right of Survivorship and Non-Transferability. You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.
Yahoo is not the only company that has publicly opposed the UFADAA and the Delaware Act – Facebook has stated that it agrees with the concerns raised by Yahoo and Google previously co-signed an industry letter to Delaware’s governor, before the Delaware Act was enacted, urging that he veto the proposed law.
There is no doubt that the Internet age has radically transformed the nature of property and communication and, regardless of where applicable state law come out on the UFADAA, it is important to consider one’s desires with respect to access to digital accounts and assets in planning for death or incapacity.