What happens to our data when we die?

A posthumous selfie, the last WhatsApp message… Death leaves our digital identity in no man’s land. What becomes of it?

Application or website login screen on a smartphone.
Application or website login screen on a smartphone.Tero Vesalainen (Getty Images/iStockphoto)
José Mendiola Zuriarrain

Death is an inconvenient truth that no one wants to address and that always arrives at a bad time. Wills can ensure that our physical and earthly affairs are squared away, but what happens to our WhatsApp messages, profiles on Instagram and other social networks, and our data and email correspondence? The deceased’s internet activity remains in the cloud, inaccessible for the foreseeable future to their family and loved ones.

Times have changed and today’s society lives on two planes: physical and digital. While it’s become commonplace to leave a written document as one’s last will and testament in case of death, the importance of managing our digital legacy is rarely considered. Social networks, messaging apps, emails … everything remains active and in the cloud, and that includes compromising content. Borja Adsuara, a lawyer who specializes in digital law, refers to the regulation of this content as “digital inheritance, the set of digital goods and services that are left behind when one dies.”

Who is in control?

This is a complex issue, given that the companies that offer online services — like Google, Apple and Facebook, among others — have very strict privacy policies that regulate access to the accounts of deceased users. One of the most notorious cases regarding the issue took place in Germany, when a teenager was killed by a train in 2012 and her parents demanded the access codes for her Facebook account to determine possible causes. Years later, it fell to a judge to decide in their favor, forcing Mark Zuckerberg’s company to hand over the password. “In this case it was the judge who ruled that knowing what had happened was more valuable than the person’s privacy,” says Adsuara.

Some companies allow close family members to request closure of the account, but full access to its information is rarely granted without the explicit consent of the original account holder. That is, the account owner must either name an heir to the account while still alive, or specify that they wish for the account to live on as a tribute page, and in that case, name one of their contacts as its eventual manager. These caretakers are called legacy contacts, and they are responsible for keeping accounts alive by replying to or moderating messages and uploading occasional memorial photos. But if adequate preparation has not been made, a maze of regulations can leave families in an awkward and often emotionally draining position.

Ethical and juridical problems

The law has not fully adapted to this new paradigm. Accessing an account without explicit permission is illegal in many places, regardless of good intentions. Not only does this put loved ones in a difficult situation, it also raises ethical questions about privacy and ownership of post-mortem digital information. Another high-profile case took place after the tragic 2015 San Bernardino shooting: the FBI asked Apple to unlock the iPhone of the shooter and the Cupertino-based company flatly refused, arguing that the privacy of its customers was more important than the dissemination of the device’s possible content.

Google, the great receptacle of personal information on the internet, has also developed policies around posthumous legacy. Those who want to leave everything well organized can appoint an inactive account administrator, a person responsible for determining what will happen to someone’s information in the case of their death. If this position has not been filled, the Californian company allows relatives to delete or manage the account by filling out a form, but the process is more complex, given privacy concerns.

Adsuara says that their content can affect the image of the person who has passed away. Relationships with previously unknown third parties or other compromising material can be uncovered: “For example, if you access your wife or husband’s Twitter account and you find direct messages including intimate content from someone else …” he explains. Brigita Kavaliauskaite, head of communications for the NordVPN security firm, adds, “In Spain, no specific law has been passed to regulate total post-mortem digital oblivion, but there is Law 10/2017 regarding digital wills. Still, the legislation needs to be broadened so that all types of situations are taken into account.”

Preparation and looking ahead

To avoid these issues, a detailed plan is called for. The first step is making an inventory of all your accounts and passwords. This catalogue should be accessible to someone you trust in case of your death. “The best plan is to designate a trustworthy person who can advise the app or social network that they have been authorized to manage your information,” explains Adsuara. Other cloud services, such as Dropbox, also make allowances in the case of death, allowing loved one’s to request access to the deceased’s account.

It’s also prudent to draft a digital will with explicit instructions on how information should be handled online. However, the expert warns of the risk of false equivalents: a will signed at a notary’s office is not the same as a digital version. The latter is where you will house such information as “who has the right to access my email account or social networks.”

Our digital life is an extension of our physical existence, full of memories, personal data and social connections. There will be things that we want to leave for posterity, but others that we would prefer remain inaccessible, that they die with us. A digital diary, conversations with friends or acquaintances via WhatsApp … The value of this type of content is personal, and it can damage the posthumous public image of the deceased. How can we make sure that no one will access it?

There’s only two ways to ensure that this information remains inaccessible: delete it, or have end-to-end encryption, so that no one, not even the service provider, is able to access the content. Services such as Nordlocker or Dropbox’s Vault guarantee that only those with the passwords will be able to access the stored data. These sites are locked up so tight that there are several security measures through which the owners must pass in the case of forgetting their passwords.

Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition

Tu suscripción se está usando en otro dispositivo

¿Quieres añadir otro usuario a tu suscripción?

Si continúas leyendo en este dispositivo, no se podrá leer en el otro.

¿Por qué estás viendo esto?


Tu suscripción se está usando en otro dispositivo y solo puedes acceder a EL PAÍS desde un dispositivo a la vez.

Si quieres compartir tu cuenta, cambia tu suscripción a la modalidad Premium, así podrás añadir otro usuario. Cada uno accederá con su propia cuenta de email, lo que os permitirá personalizar vuestra experiencia en EL PAÍS.

En el caso de no saber quién está usando tu cuenta, te recomendamos cambiar tu contraseña aquí.

Si decides continuar compartiendo tu cuenta, este mensaje se mostrará en tu dispositivo y en el de la otra persona que está usando tu cuenta de forma indefinida, afectando a tu experiencia de lectura. Puedes consultar aquí los términos y condiciones de la suscripción digital.

More information

Archived In

Recomendaciones EL PAÍS
Recomendaciones EL PAÍS