When a person dies, friends and relatives must decide whether to delete all the deceased's data or to ensure the digital survival of the deceased. A huge amount of data and information is collected about people during their lifetimes, and the growth of professional and personal social networks (eg, Linkedin, Facebook, Instagram and Google+) is increasing this phenomenon.

Existing legal void

As the digital era continues, an increasing number of social network user accounts belong to deceased persons. The French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), has estimated that 1% of all Facebook profiles worldwide (130 million profiles) belong to a deceased person.

During their lifetimes all people have the right to access, modify and delete their data (eg, photos, lifestyle and professional data). However, these rights attach to the person and do not continue when he or she dies.

Unlike inheritance law, which recognises heirs as the continuation of the deceased person, in regard to digital matters the heirs have no right to stop the use of processed data or recover data if the deceased person expressed no last wishes.

Only Article 40 of the Data Protection Act (78-17) deals with the data of deceased persons, and simply provides that "the heirs of a deceased person, providing proof of their identity, may... require the data controller to take the death into account and update the data accordingly".

Given the challenges posed by digital data and information, in communications of October 29 and 31 2014 the CNIL evoked the balance that must be struck between the right to be forgotten and digital immortality.(1) However, the CNIL highlighted that it was not its role to arbitrate on this issue, and therefore called on the public authorities and internet stakeholders to debate this issue. Some scholars have suggested that inspiration could be drawn from the regime governing the transmission of copyright after death, which allows the transmission of personality rights.(2)

Bill for Digital Republic

In response to this issue, the government has published the Bill for a Digital Republic, which proposes to supplement Article 40 by allowing a person to "set instructions relating to the retention and disclosure of his/her personal data after his/her death".

Therefore, before people die, they may decide how they "wish their rights under this Act to be exercised after their death". The instructions may cover all processing of the instructing party's data or only specific data.

Most importantly, the bill provides that in the absence of instructions, the "heirs may exercise the rights of access, rectification and opposition after his or her death". Therefore, if the bill is passed, heirs will be allowed to inherit certain personal rights.

Lastly, the bill creates a new obligation for all data hosts, which will have to inform users as to what will happen to their data after they die and allow them to choose whether to pass their data onto a designated third party.

Consequences for economic operators

Some digital operators have taken the lead by stipulating in their terms of use what will happen to a user's data when he or she dies. Facebook already allows a user to designate a 'legacy contact' – that is, someone chosen to manage the deceased person's account and who may be authorised to upload an archive of shared information (except for correspondence, in particular, which is protected by secrecy laws).(3) Further, Google has set up an inactive account manager which allows users to share part of their account data or let a contact know if the account has been inactive for a certain time.(4)

If the bill is passed, data controllers will have to deal with new constraints and new types of request.

Indeed, even though it is hosts, publishers and digital platforms which will primarily be affected, any data controller may have to deal with requests from trusted third parties or heirs and set up measures to ensure that requests to access, modify or delete reflect the deceased person's last wishes or the heirs' wishes. This will not be an easy task, and it is likely that the CNIL will often be called on to intervene in difficult circumstances.

Therefore, estate planning should take these new digital issues into account, and it would be entirely appropriate to address them in wills. As a result, notaries will have to consider these new issues when drafting documents. Users need to ask themselves a very real question about the virtual world: digital oblivion or digital eternity?

For further information on this topic please contact Matthieu Dary or Alexandre Diouf at FIDAL by telephone (+33 1 46 24 30 30) or email (matthieu.dary@fidal.com or alexandre.diouf@fidal.com). The FIDAL website can be accessed at www.fidal.com.

Endnotes

(1) CNIL, "Digital death: is it possible to ask to remove the data of a deceased person?" October 29 2014; CNIL, "Digital death or virtual eternity: what happens to your data after you die?" October 31 2014, www.cnil.fr.

(2) Favreau A, "Digital death, what legal treatment for our personal data", RLDC, April 2015, no 125.

(3) See www.facebook.com/help/1568013990080948.

(4) See support.google.com/accounts/answer/3036546?hl=fr.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.