Umberto Bacchi -
From photos to personal posts and private messages, social media users leave a long digital trail behind them.
But who owns that data when they die? With about one in three people worldwide estimated to have a social media account, the question has become more pressing for legal experts and was brought to the fore last week by the family of a deceased teenage girl in Britain.
The parents of Molly Russell, a 14-year-old who committed suicide in 2017, told local media they had been unable to access data on her phone, including her Instagram account, which they said might hold clues to why she took her own life.
“It seems to me that the data on Molly’s phone should have become her parents’ property,” Russell’s father, Ian, told the BBC.
“She died without a will, she was 14 and everything else quite naturally returns to us as her parents and so should her data.” Instagram declined to comment on the particular case as an inquest is ongoing.
The Facebook-owned social media giant said it is against its policies for someone to log into another person’s account, but it would consider legitimate requests for family members to access information, provided there is a court order.
Britain is among the majority of countries in having no laws on digital inheritance, which makes such cases complicated, said Edina Harbinja, a senior lecturer in media and privacy law at Birmingham’s Aston University.
As most social media accounts are used to send private messages to others, privacy is a key issue, and so are the different legal interpretations of what can be considered transferable property in the digital world, she said.
“There is a complete legal mess there,” Harbinja told the Thomson Reuters Foundation.
Under the EU’s General Data Protection Regulation (GDPR), a landmark privacy law adopted last year, individuals have the right to get a copy of their data held by Internet companies, or ask that it be deleted.
In France, people have the right to tell companies what do to with their data after they die, while in Canada, the deceased’s executor can access digital assets by default.
In Germany, heirs have the right to access the data of their deceased relatives in full after a court ruled last year that social media accounts can be inherited in the same way as letters.
In the United States, a law implemented by most states allows for executors to see who the deceased communicated with and when, but not to read the messages unless authorised by a court or the departed account holder.
Tech companies have also come up with their own rules.
Google allows users to decide what data they want to share, and with whom, after their death.
If no provisions are made, the firm said it can work with family members to close an account and may provide content in some circumstances, but its primary responsibility is to keep people’s information secure, safe and private.
Facebook and Instagram allow family members to request that an account be deleted or turned into a memorial page, where content remains visible but locked.
Facebook users can also nominate a “legacy contact” to look after their memorial accounts after they pass away, but while such curators can write posts or change profile pictures, they cannot log into the account or read messages.
Even when an account is deleted, Facebook and Instagram said they continue to store personal data for a period of time.
Such data could be of economic value, as social media companies rely on massive databases to train artificial intelligence and machine learning applications, said Harbinja.
But both Facebook and Instagram said they do not use data of deceased users to target ads more accurately.
Experts say it is just a matter of time before more countries pass legislation on the matter, but meanwhile, where rules are absent, what happens in the digital afterlife remains obscure.
“Solicitors are quite confused (in Britain) as to what happens and they sometimes advise their clients to leave password and user names attached to their will, which is nonsense,” said Harbinja.
Wills are public documents in the country and passwords change, she noted, allowing for massive privacy violations.