Fiduciary Access to Digital Assets

US: Legislating for Digital Remains

Uniform Law Commission: Fiduciary Access to Digital Assets

The Uniform Law Commission (ULC) also known as the National Conference of Commissioners on Uniform State Laws is a non-profit organisation, in the United States, that promotes the principle of uniformity by drafting and proposing specific statutes in areas of the law where uniformity between the states is desirable.  A ULC drafting committee has, since 2012, been working on a proposed Fiduciary Access to Digital Assets Act (FADA).  The issue was first raised with the ULC in May 2011.  To date five drafts for discussion have been prepared (see: here, here, here and here) the latest of which issued on 3 March 2014 will be discussed at this weekends (21-22 March 2014) final drafting committee meeting.

The stated purpose of the Act is to vest fiduciaries with the authority to access, manage, distribute, copy or delete digital assets and accounts.  Four types of fiduciary fall within the scope of the Act: personal representatives of decedents’ estates, conservators for protected persons, agents acting pursuant to a power of attorney, and trustees.  The focus of this blog post will be on the proposed sections which relate to the personal representatives of a deceased person – more commonly known as an executor or administrator under Irish law.

Scope of the Act: access to digital assets

The proposed Act will create a statutory default in favour of personal representative access to a decedent’s digital assets.  “Digital assets” are defined (section 2(8)) as “electronic records” and this includes the “catalogue of electronic communications” and the “content of electronic communications”.  The rather cumbersome three part definition arises from the perceived need to distinguish electronic communications protected from disclosure by the federal Stored Communications Act (SCA).

The SCA protects the contents of certain electronic communications and records from disclosure by providers of “electronic communication services” and “remote computing services” which are provided to the public.  The SCA creates a significant legal obstacle for persons seeking access to a decedent’s Internet based accounts.  For example, the UK based surviving family of Sahar Daftry, who died in 2009, sought a court order compelling Facebook to disclose the contents of her account.  Access was blocked by Facebook who relied upon the SCA provisions, in the Californian courts (see Jim Lamm’s excellent blog post for more details on the September 2012 court judgment).

Under FADA the personal representative is deemed (section 8(a)(2)) to have the “lawful consent” of the account holder, in order to permit a custodian to disclose electronic communications which would otherwise be prohibited by the SCA.  It is important to note that this deemed “lawful consent” merely permits the custodian to disclose the communications it will not make release to the personal representative mandatory.  The proposed Act also deems a personal representative an as “authorized user” in order to shield them from possible criminal sanction under the federal Computer Fraud and Abuse Act (CFAA) and similar state laws.  It should be noted that FADA will also authorise a personal representative to access the personal devices (smartphone, tablet, laptop, etc …) of a deceased person and any digital assets stored on them (section 8(d)).

What is a “digital asset”?

Unfortunately the scope of the proposed Act remains uncertain.  This is due, in part, to significant changes in definitions that evolved during the drafting process and a reliance on circular and linked definitions of “account holder”, “terms-of-service agreement” and “custodian” (the person that stores or controls a digital asset).  Nevertheless a digital asset of an account holder who entered into a terms-of-service agreement with a custodian falls within the scope of the Act.  

Does this include work or employment related accounts?  A comment accompanying section 2 of the Act (page 6) claims that a “custodian does not include an employer”.  Further development of this point confirms that this is so because an employer typically does not have a terms-of-service agreement with an employee.  Despite the information contained in work related accounts meeting the general definition of a “digital asset” it seems that a personal representative will not be able to gain access to them.

Does the same exclusion apply to a student e-mail or learning account?  Based on the terms-of-service agreement test many student accounts may fall also outside the scope of the proposed legislation.  I would urge the drafting committee to tighten up this area.  Should they wish to exclude certain types of account or custodian this should be clearly defined within the Act.  The Massachusetts Senate Bill 702 contains an exclusionary provision which confirms that the scope of the proposed Bill would “not apply to accounts created, administered, or hosted by an employer for an employee.”  A similar provision would bring much needed clarity to the ULC proposal.

The drafting committee have also struggled with the issue of copyright.  They are clear that digital assets do not include any material that the account holder has not obtained legally, such as pirated media.  Section 9(a)(3) further limits a personal representatives right to a copy of a digital asset where it is subject to the copyright of a third party.  This limitation is in response to content industry fears that digital copyright material which the deceased account holder had acquired either under an end user license agreement (EULA), or had somehow unlawfully acquired, would be lawfully transferable at death.  

The breadth of the limitation could see a personal representative only being able, as a right, to obtain a copy of content which the deceased person themselves created.  Potentially every other piece of content – including the text of an e-mail, audio, video and photographs – shared with the decedent or otherwise accumulated in their account, may be subject to copyright protection.   To acquire copyright protection a relatively low threshold of originality is all that must be met.  This issue is among those “flagged” to be discussed at this weekend’s meeting.  

What does “access” mean?

The personal representative may gain access in one of two ways.  Firstly, if they have the password for the account they may use it to access the digital assets in the account.  This is permissible even if a clause exists in a terms-of-service agreement prohibiting such third-party access to the account (section 8(c)).  The comments accompanying the Act point to the example of digital locker services which facilitate the transmission of passwords following death.

The second means of gaining access to a digital asset is through a formal request to the custodian.  Section 9 sets out the formalities.  A personal representative may request:

(1) access to the asset;
(2) control of the asset; or
(3) a copy of the asset unless the asset is subject to the copyright of a third party.

The request to a custodian must be accompanied by a certified copy of the letter of appointment of the representative or a small estate affidavit.  Once received the custodian must comply with the request within 60 days.  If the custodian fails to comply, the personal representative may apply to the court for an order directing compliance.

Once the personal representative has authority and has gained access to the digital asset they may take actions concerning the asset subject to the the terms-of-service agreement.  Therefore, the personal representative “steps into the shoes” of the account holder, with no more – and no fewer – rights.  Control of the digital asset by a personal representative is not considered a transfer of a property right in the asset.  All the personal representative acquires is the right to access subject to the terms-of-service agreement of the custodian.

Can account holders bequeath digital assets?

Answering this question provides a good example to demonstrate the limits of personal representative access created by FADA.  Despite the distribution of a digital asset forming part of the original stated purpose of the Act no such power is created to over-ride the terms-of-service agreement.  Unless a terms-of-service agreement provides for posthumous transmission of a digital asset a personal representative with access is not empowered to distribute it to a beneficiary.

Can access to digital assets be prevented?

The default access created by FADA can only be prevented by an account holder in two ways.  A decedent’s will can over-ride the personal representative’s authority (section 4).   Therefore a provision contained in a will can prevent access to digital assets.  However, this option to prevent access is limited.  A large number of people fail to make a will and die intestate – leaving no actionable instruction to prevent access.  Furthermore, in many jurisdictions (including US states) children do not have the legal capacity to make a valid will.  Therefore, access to the digital assets of children will be the default rule with very limited exceptions.

The second means to prevent access relates to an in-service choice by the account holder.    The optimal solution would be to promote and create in law recognition for a Google Inactive Account Manager type solution.  Google’s in-service feature permits an account holder to identify individual Google accounts and services, such as Gmail, Calendar, Google Plus, Google Drive, Blogger, YouTube and Picasa web albums, and pre-designate to whom, if anyone, the data related to these services should be shared with following a period of inactivity.  The option also exists to delete all data immediately after the period of inactivity, or after the specified distribution actions have been taken by Google.

The drafting committee do appear to be edging towards recognising an account holders in-service choice to opt-out of personal representative access.  Section 8(b) of the current draft contains an awkwardly worded section which attempts to give effect to an in-service opt-out:

any provision in a terms-of-service agreement that limits a fiduciary’s access to the digital assets of the account holder under this [act] is void as against the strong public policy of this state, unless the limitations of that provision are signed by the account holder separately from the other provisions of the terms-of-service agreement

Some custodians (service providers) are seeking a weaker provision which permits them to prevent access where the terms-of-service agreement conspicuously provides a default rule for deleting the contents of the account upon death of the account holder or where it permits an account holder to pre-designate another individual to have access to the account following death.  It is important to note that this weaker provision would prevent access by merely presenting a choice to an account holder rather that the account holder actually making a choice to pre-designate another individual to access the account.

The drafting committee should seek a wording for FADA that recognises the active in-service choice of an account holder – not a default position.  A number of options should be provided – these include:

  1. the account holder opting-out of personal representative access;
  2. the account holder pre-designating named individual(s) to access;
  3. the account holder pre-designating his digital assets for deletion; or
  4. the account holder selects a combination of the options.

Recognising such options in FADA will help promote them as real options, backed by law, that custodians can offer account holders.

Next steps

It is expected that the Fiduciary Access to Digital Assets Act will be finalised by the ULC this year.  However, it is only after individual states enact the Act that it will become law.  Currently, seven US states (ConnecticutIdahoIndianaNevadaOklahomaRhode Island and Virginia) have limited digital remains legislation in place and a further 18 are considering similar legislation.  It seems plausible to conclude that at least 25 states are amenable to enacting such uniform legislation once it is completed.

It remains unclear how service providers will react to FADA.  Will they provide in-service opt-out options for account holders?  Will service providers exercise their discretion under the SCA and disclose the content of communications to personal representatives?  Ultimately the success of the FADA legislation will hinge on whether custodians are willing to accept and engage with it.