The digital museum

Sunday, 01 December 2013
Rod Genders discusses fiduciary management of digital assets.

Most people in developed economies use email and the internet every day, which has led to an explosive growth in the volume of digital assets the average citizen owns or controls. Digital assets are any assets that are accessed or held online, and range from online gaming accounts to photos, digital music, client lists, bank accounts, etc. They are often overlooked when it comes to writing a will or power of attorney, and difficulties are experienced when attempting to apply delegated authority (such as power of attorney) to digital assets. Families of deceased individuals are often surprised at the difficulty and uncertainty experienced in attempting to deal with digital assets.

Due to the uncertain status of ownership and control of digital assets, and the difficulties in extraterritorial application of laws or court orders on international companies hosting these assets, there is a need for a major international push for mutually accepted guidelines. As an independent international organisation, STEP intends to take the lead on this important debate by documenting consistent and coherent principles applicable across all companies, formats and jurisdictions.


As the number of digital assets held by the average person increases, questions about the disposition of these assets on the individual’s death or incapacity are becoming more common. There is scant legislation dealing with the rights of fiduciaries over digital assets, and few holders of digital assets and accounts consider the fate of their online presence once they are no longer able to manage their assets (30 million Facebook accounts belong to dead people, and the average individual has 25 passwords). Some service providers have explicit policies on what will happen when an individual dies, others do not; even where these policies are included in the terms of service, most consumers click through these agreements.

There is a distinction at law between ownership and a license to use; sadly most people are ignorant of the difference. Many citizens will not have read or understood the fine print when signing up for their online service, and will mistakenly believe that they personally own the asset in question (such as an MP3 audio track downloaded from iTunes), when in truth they have merely acquired a restricted licence to use that content.

Many online providers have end user licence agreements that restrict access to the digital assets to the named individual, and expressly exclude personal legal representatives. Terms of service and privacy policies are generally mandated during the initial sign-up process. Some of these contain a section entitled ‘no right of survivorship and non-transferability’, indicating that survivors have no right to access the email accounts of the deceased.

Sharing of logins and passwords, for inter vivos use pursuant to delegated authority, is fraught with legal, practical and security difficulties. For privacy and security reasons, many banks and social media organisations prohibit the sharing of online logins and passwords. An appropriate mechanism for lawful delegates needs to be documented, so people with diminished capacity can still use these (possibly essential) services. Imagine the problems if the medical agent of an incapacitated person is prevented from accessing their online medical records in a medical emergency.

Post-death memorials using social media remain a controversial subject. Some social media organisations delete the entire account of a user, including all content, upon proof of death. Others permit the user’s page to be memorialised as a permanent tribute. Clear options and consistency should be the goal.

Data sovereignty and jurisdictional law remains a critical concern. Many of the major online providers have headquarters in the US, where the Patriot Act and NSA Prism project are serious concerns when it comes to local privacy and confidentiality laws. Australia and the EU have expressed concerns about these issues, and the increase in cloud storage will only inflame the situation.

Balancing security and convenience

Real challenges are behind the reluctance of online providers to accommodate flexible arrangements for delegated authority, including fear of litigation for permitting improper access to a user’s data (fraud, hacking), and fear of lost revenue from duplication of data (piracy) and improperly transferred licensee arrangements. Security of access to online accounts (especially banking and finance) is a legitimate concern, and something that must be addressed. However, a blanket prohibition on the sharing of passwords is impractical in the context of a user who has died or suffers diminished capacity. Protocols must therefore be created to permit fiduciaries to access the online accounts of users in appropriate circumstances.

Immunity will need to be granted to online providers and custodians who have complied with the protocol, so they are not afraid of being penalised for relaxing their present arrangements. Ratification and authentication by government agencies is likely to be required at the local level, and international acceptance of that ratification will need to be negotiated with foreign governments and organisations. A distinction may have to be drawn between management of digital assets following a user’s death and similar management during a user’s incapacity.  

STEP and Standardisation

STEP’s Mental Capacity SIG has created a Digital Assets Working Group to clarify issues relating to the access, control and ownership of digital assets following the incapacity or death of the registered user.

Once STEP has set out its views, they will be shared with other bodies, in an attempt to arrive (as far as possible) at an international consensus. At that point, governments, online service providers and international justice organisations may be approached with a view to cooperating on an international agreement to obviate the present unsatisfactory patchwork of individual regulations.

STEP intends to create a best-practice template policy and protocol to be consistently adopted by online providers, to assist in the management of digital assets by fiduciaries. STEP will also consider the creation of draft legislation for adoption and harmonisation by state and national parliaments.

Online Providers

There are various categories of online service providers. The list below is not exhaustive, but demonstrates the enormous breadth of the fast-changing concept of digital assets:

  1. Financial institutions and payment gateways. These include banks, credit unions and PayPal. Mobile and online commerce increasingly relies on online banking portals.
  2. Share trading. This includes sites such as E*Trade, which are increasingly replacing paper share-scrip and offline brokers.
  3. Social media (Facebook, Twitter, Google+, YouTube etc). These serve as both a social forum as well as a content manager.
  4. Content holders (Google, Amazon, iTunes). MP3 audio tracks, ebooks, videos and similar may represent substantial value to an individual.
  5. Government departments. Increasingly, governments are looking to cut costs by moving services online. This can include essential business and other records, such as births, deaths, marriages and taxation documents.
  6. Online auction sites such as eBay.
  7. Medical records. For example, the Australian government is promoting a personally controlled eHealth record as a secure online summary of health information. The patient is supposed to able to control what goes into it and who can access it, and it is intended to allow the patient and their doctors, hospitals and other healthcare providers to view and share health information.
  8. Blogs. A great deal of intellectual property can be invested in a blog with many articles. As a traffic magnet, it might have considerable value.
  9. Domain names and websites. The registered owner of sites and domain names may have significant value invested in them.
  10. Software as a service. Increasingly, software vendors wish to encourage customers to join a subscription model, frequently provided from a remote location via the internet.
  11. Cloud storage, such as Dropbox and Livedrive.
Author block
Rod Genders

Rod Genders TEP is a senior Australian lawyer and head of the Digital Assets working group of STEP’s Mental Capacity SIG.

The content displayed here is subject to our disclaimer. Read more