When a 15-year-old German girl died, hit by a subway train, it was a tragedy.

Her distraught parents turned to her online accounts for answers: was this an awful accident or was it a premeditated action? What was going on in her online life, and how was it affecting her every day?

Those parents still do not know. The data and critically, the passwords, were the private property of the young girl. Not her parents.

The ownership of data at the moment of death is a modern question. Whose hands does it fall into? Who has rights, and who can stake a claim?

Whose Data Is It Anyway?

The German teenager has no say in the management of her data. But Facebook argues that allowing her parents access to the content of her private messages would violate the privacy of her contacts. Most importantly, a judge agrees.

Facebook is not the only social media or technology company that takes this stance.

In 2016, Apple hit the headlines after it refused to give a widow her husband's account password for their shared iPad. Apple finally relented after Peggy Bush reached out to the Canadian Broadcasting Corporation's Go Public program. Apple reasoned that despite Peggy having the original device and serial number, and a certificate confirming her husband's death, Apple policy was to protect the privacy of a user.

"I then wrote a letter to Tim Cook, the head of Apple, saying this is ridiculous. All I want to do is download a card game for my mother on the iPad. I don't want to have to go to court to do that, and I finally got a call from customer relations who confirmed, yes, that is their policy."

Succession law in relation to digital accounts is still relatively new ground. Today, companies have to consider the weight of their decisions as they become mainstream, while legal language remains purposefully vague as to allow for maneuvering in the future.

Dedicated Processes to Take Care of Your Data

Of course, technology companies aren't sitting around doing nothing all day. They put their minds to answering questions like these. As such, many major technology companies have a succession or inactive account management process. But they don't all end up with a relative or loved one in possession of the data.

Let's look at the policies of some major web services and technology providers.

Facebook

As previously mentioned, Facebook is pretty steadfast in its resolve. Once someone dies, an account is either shut down or memorialized. This process is only available to those with a valid death certificate, that Facebook double-checks, as well as permission to act upon behalf of the deceased.

And even though Facebook allows you to download your entire data, this same feature is not available after the fact.

Twitter

Like Facebook, Twitter allows an executor to permanently delete your profile. That said, Twitter are clear that the account holder is the only person who they'll allow direct access, stating that:

"For privacy reasons we are not able to provide access to a deceased user's account regardless of their relationship to the deceased."

Twitter is, however, a more public communication medium than the private messages of Facebook (and other social platforms).

It is possible to download the entire Tweet history for an individual user. So long as the account isn't deleted, it will remain online for you to browse.

Google Accounts

Google has a robust system in place, but that doesn't mean it is easy. Google accounts can cover a huge number of services: email, social, document hosting, Android devices, and more. As such, each one requires specific attention.

Central to handling Google accounts is the Inactive Account Manager. Inactive Account Manager works slightly differently to other services.

Instead of relying on family member activating a password release, Google monitors your account for sign-ins, Gmail usage, Android check-ins, and more. If the account remains inactive for a specific amount of time, the service sends an email containing content created during the setup process (your own words).

Microsoft

Like Google, Microsoft has one of the most comprehensive account access and transfer policies. Officially known as the Microsoft Next of Kin Process, a loved one with the correct documentation can request a litany of information, including:

  • Emails and attachments.
  • Contact lists.
  • Address books.

The information Microsoft provides is delivered to you. They do not provide a direct password for an account. Due to this, some users experience disappointment when they realize a locked computer will remain so.

To start the Next of Kin process, send an email to msrecord@microsoft.com, including documentation to verify the death as well as your relationship to the deceased.

Apple

An incident with Apple featured earlier in this article. And while Apple employees aren't monsters, they are steadfast in their dedication to the protection of account privacy -- even in death. This makes Apple one of the more difficult major technology purveyors to extract an account password from.

Officially, once a person dies, their account dies with them, along with everything licensed to the account over the years. Of course, that means potential destruction of music, films, photos, and much more, let alone the monetary value.

A court order may well be necessary to force Apple to play ball and grant access to a loved one's account. However, some unofficial sources have suggested contacting iTunesStoreSupport@apple.com in hopes that the process doesn't become painful.

Steam

Steam is an interesting one. While not dealing with private or personal data, Steam make it quite clear that:

"You may not sell or charge others for the right to use your account, or otherwise transfer your account, nor may you sell, charge others for the right to use, or transfer any Subscriptions other than if and as expressly permitted by this Agreement (including any Subscription Terms or Rules of Use)."

The Steam Subscriber Agreement later continues, "The Software is licensed, not sold. Your license confers no title or ownership in the Software."

They also clearly state that "Valve does not recognize any transfers of subscriptions (including transfers by operations of law) that are made outside of Steam."

Unless the deceased has written their password down, those games are gone. In fact, consider that by contacting Steam user support and asking for help to unlock the account, your situation might be immediately worse: they lock the account in the knowledge that the owner has passed away.

WhatsApp, Snapchat, Telegram, and Kik

The official line from this collection of mobile communication apps is similar: messages are private and belong to the contacts. Accessing them is vastly easier than other social media platforms.

A smartphone is a portal into someone's life. Access to this -- if the smartphone doesn't have its own password -- will grant access to the aforementioned services.

The Keys to the Kingdom

How many online accounts do you have?

Think past your Facebook and Instagram accounts, into the depths of online sites. Modding sites, online dating accounts, that weird niche hobby you'd thought you'd like so you signed up -- the list can be sprawling. If you've (potentially unwisely) saved all your username and password combinations to your browser, you can scroll through and look.

Had a look? If you're security conscious, you might be using a password manager. They keep your passwords safe and you only have to remember one difficult password instead of 56 variations of a terrible one.

The password manager is the key to the kingdom. If your loved one used a password manager, realizing their password will immediately provide extensive access to their online world.

  • LastPass introduced a password recovery feature for "people I trust" aimed specifically at cases of death or sudden emergencies. The service, called Emergency Access, requires you to add the specific trusted contact(s) beforehand.
  • Dashlane also features an emergency access feature that allows predefined contacts to access your password vault.
  • PasswordBox features an emergency password vault that can be passed onto the next of kin.

Unfortunately, if the next of kin are not listed as trusted, the passwords will remain secure.

There Ought to Be a Law

The succession of an online account will become increasingly relevant as the internet ages. Ensuring you have your digital estate organized will become as important as writing a will.

For some people, it already is.

The young girl struck by a subway train lived in Germany, a country well noted for its dedication to privacy laws. U.S. residents have attempted the same process -- pleading with Facebook to release private data -- but to no avail.

Regardless, several U.S. states have enacted laws that ensure families' rights to access the private data of a loved one. Starting with Delaware in 2014, 25 states have stepped in to create laws that specifically protect digital assets. You can find the full state-by-state list right here. Check the state where you live, as laws can vary.

The development and enactment of specific digital asset state laws doesn't mean access your loved one's data will be easy. Technology companies argue that state digital asset laws directly contravene the Electronic Communications Privacy Act, a federal law that prohibits custodians of digital assets releasing them without permission or a court order.

So even if the state rules in your favor, you're still going to need a potentially expensive court order to back your claim.

Where Does the Internet of Things Fit?

The Internet of Things (IoT) seems to be consistently under attack. IoT smart devices relay a stream of data from specialized connected devices. That fitness band tracker on your wrist? Yup, that is an IoT connected device, streaming personal fitness data to a server.

And while IoT companies anonymize your data for their own use, there are plenty of instances where this data powers individual profiles (such as your fitness progress).

Similarly, tracking down that data is difficult. You can isolate specific sources, like a fitness tracker, or a smartphone assistant app, but the IoT comprises of many more data sensors.

And as we have seen, deleting the data isn't as easy as hitting a switch. Take Fitbit, whose "customers have a reasonable expectation that we keep their account data private and secure, so for those reasons we only close accounts in accordance with our Terms of Service, Privacy Policy, and applicable law." You will have to email your status as executor and a copy of the death certificate or a published obituary to privacy@fitbit.com.

But even then, "sending a request and supporting documentation does not guarantee that we will be able to assist you."

Who Owns Your Data After Your Death?

At face value, with a pre-emptive process when you're breathing, posthumous data management isn't too difficult. Technology and social media companies maintain that data protection and privacy is everything.

Electronic Frontier Foundation policy analyst Adi Kamdar said:

"People live with personal information that they do not wish to share with, say, their parents, or their significant others. The best course of action should be to respect this decision, even after death, unless the deceased takes steps to allow their estate's administrator access to their email."

It is easy to agree with this viewpoint. Until it is your child that is dead, and technology companies are unwilling to help.

What are your digital succession plans? Have you ensured safe digital passage for your accounts? How about your websites, your passwords, your Bitcoin wallets, and more? 

Image Credits: Sabuhi Novruzov/Shutterstock