Data After Life
The Protection of Users’ Development of their Digital Identity
‘What if we rethought social media contracts in a radical way?’ With this question, Catalina Goanta and her research team invited speakers to present new ways in which to think about contracting by digital platforms at the Radical Reforms conference. In this contribution, I would like to address their question on the basis of a legal problem that is of both a practical and a legal-philosophical nature, namely that of digital inheritance, in particular concerning access to and use of social media accounts of deceased persons. Contract law in Europe currently has little grasp on the balancing of interests of social media users, their heirs, platforms, and society at large, which means that platforms play a key role in determining how digital legacies are handled. This contribution submits that a human rights perspective can offer starting points for reforms that do more justice to the protection of digital identities of social media users.
After Life
Until recently, the idea of a digital inheritance might have seemed a topic for science fiction. In an award-winning episode of the series Black Mirror, for instance, a simulated reality called ‘San Junipero’ is imagined as a virtual space in which people can continue life after death. Black Mirror, which is known for showing the darker side of digitalisation, thus, provides a glimpse of what the future could look like if technology developed one step further from where it is today. ‘San Junipero’ is an episode that uncharacteristically strikes a somewhat lighter tone and invites reflection on what choices we would (and should) make for a digital afterlife, if we could continue living and governing our lives online.
Looking at possible futures of current societal challenges from this viewpoint, the question arises how we deal with digital legacies at this moment and, furthermore, what this means for the way in which we make choices on post-mortem use of our personal data during life. In a report co-written by researchers from the Institute for Information Law (IViR) and the Amsterdam Centre for Transformative Private Law (ACT) for the Dutch Ministry of the Interior and Kingdom Relations, these queries formed the starting point for an investigation on ‘data after death’ (Data na de dood, report in Dutch with a summary in English). To this research, which was led by Mireille van Eechoud, Marco Loos and I contributed insights from consumer contract law. Moreover, my contribution included fundamental rights aspects of digital inheritances. A further reflection based on these two legal frameworks may provide some inspiration for reforms of the regulation of social media contracts – after as well as during life.
Limits of EU Contract Law
The realm of digital inheritances turns out to be one in which digital service providers, including social media platforms, are very powerful. This is not so much because of their active engagement with the topic, but rather because of a striking absence of regulation in this area. Perhaps this can be explained by the unease of considering matters relating to the end of life or the relatively new phenomenon of inheritances extending to the digital world. In any case, our report on data after death made clear that only a few jurisdictions have so far developed specific rules on digital inheritance (the US and Australia, and some EU jurisdictions; an overview is provided in section 6 of the report Data na de dood). Their approaches mostly rely on data protection law or principles of inheritance law. In the Netherlands, where inheritance law does not put digital assets on the same footing as physical goods, some district courts have considered a contractual approach. They took inspiration from a judgement of the German Bundesgerichtshof, which relied on an analogy of access to e-mail accounts with the inheritance of physical letters. From a legal-comparative perspective, nevertheless, the role of contract law in addressing the balance of interests of affected parties so far appears to be quite limited.
In EU law, as Marco Loos and I found, the most likely candidates for addressing the contractual dimension of data governance after death are the Directives on Digital Content, Unfair Terms and Unfair Commercial Practices. The Directives, however, only have a limited impact on the topic, since most platforms have not developed clear legal practices or terms for digital inheritances. Some have policies, such as a possibility to indicate a trusted person to manage a Facebook memorial page after death, but such policies are often not formalised in general terms and conditions. Insofar as platforms have provided standard terms, these often include a ‘no right of survivorship clause’, according to which the digital account and any rights related to it expire upon death. Such clauses also bind the heirs, who succeed the deceased person in contractual relationships. No-survivorship clauses may to some extent be challenged, insofar as contractual provisions that entail the automatic expiration of rights upon death might be considered to be unfair. Even if this is accepted, nevertheless, it remains unclear if more than a prolongation of the contract can be secured. The law on unfair terms does not specify if the contractual relationship allows heirs full access to social media accounts.
From a normative perspective, furthermore, a question is if contract law should allow heirs to obtain full access and possibilities to continue using the deceased person’s social media accounts. The interests of heirs do not necessarily align with those of social media platforms, society at large and, importantly, the wishes of the deceased person. Heirs might have interests of an emotional nature in having access to personal messages and photos of their loved one, as is underlined by the scarce case law on the topic (discussed by Lilian Edwards and Edina Harbinja). Given the personal nature of users’ accounts, platforms may, however, wish to bar or limit access to such personal information and, as we just saw, currently have quite extensive power to contractually shape possibilities and conditions for access. In addition, there is a more general interest in protecting the memory of deceased persons by regulating access to their personal assets, which still needs to be further articulated for digital inheritances. Interwoven through the balancing of these interests is a question to which an answer can no longer be obtained from the one whose digital assets are concerned, the deceased person: what would they have wished to happen to their digital legacy? A human rights perspective may provide some starting points for integrating the protection of their digital afterlife in the contractual balance.
Post-mortem Privacy, Digital Identity and the EU Charter of Fundamental Rights
A human right that immediately comes to mind in this context is the right to protection of one’s private life and correspondence. Lilian Edwards and Edina Harbinja, as well as Hans Buitelaar, have argued for the recognition of a post-mortem right to privacy. They primarily base this view on the dignity of the deceased person, which in their opinion deserves protection not only in the physical world, but also, and perhaps even more so, in the digital sphere. Full access and use of social media accounts after death may endanger the dignity of deceased persons. The extension of privacy rights to the digital afterlife could serve to draw boundaries.
Taking inspiration from the work of Stefano Rodotà, my proposal is to take an even more comprehensive view on digital human rights after death. Since privacy rights only address certain aspects of digital inheritances, and especially under common law are restricted in scope, they currently have limited impact on the contractual regulation of access to and use of social media after death. Building on Rodotà’s Il diritto di avere diritti, a more general right to digital identity may be imagined. According to Rodotà, the right to respect for one’s privacy can be understood as a basis for a right to develop the narrative of one’s own life. This right, which could be deemed ‘a right to digital identity’, in his view surpasses the understanding of the right to privacy as a negative ‘right to be left alone’. It also comprises a positive dimension, which concerns the free development of one’s personality and the right to tell one’s own life story.
Considering the integrity and continuity of narratives of people’s lives, Rodotà’s approach provides a reason for extending the right to the protection of digital identity after death. Insofar as digitalisation has increased social vulnerability and poses a threat to self-determination, such dynamics do not stop at the moment of death. Access to and use of personal data of deceased persons may profoundly affect their social representation and dignity. In this respect, as Mireille van Eechoud and Luna Schumacher observe, the analogy with physical letters does not seem to hold up. Where letters take longer to compose, have a different quality and are not always kept by the receiver, digital communications are mostly of a more fleeting nature, greater in volume and easily stored and distributed. Using digital data to create an image of the deceased person may, thus, lead to distortions of their personality and image, especially if technologies to create digital avatars take flight – Edwards’ and Harbinja’s analysis of another Black Mirror episode, ‘Be Right Back’, provides a telling example. Therefore, protection of the digital identities of social media users remains of relevance when life ends.
As Rodotà has argued, a legal basis for a right to digital identity is already available. It can be found in the EU Charter of Fundamental Rights, in particular in Articles 7 and 8, which safeguard the rights to respect for private and family life and protection of personal data respectively, he submitted. Whether the current state of the case law of the Court of Justice of the EU on the horizontal effect of the Charter supports this idea is not uncontested. In its judgement in the case of Bauer & Broßonn, the CJEU held that all Charter rights have the potential to directly bind private actors, provided they are ‘mandatory and unconditional in nature’. It is far from sure whether Article 7 and 8 of the Charter will be recognised as providing such a basis for a comprehensive right to digital identity. Still, the debate on the understanding of these provisions may already contribute to a rethinking of the contractual regulation of social media platforms.
The Right to Be Oneself
In a historical overview of the legal protection of aspects of identity, Guido Alpa has recently shown how dignitary concerns played a crucial role in the development of a ‘right to be oneself’ (Il diritto di essere se stessi). A view from the imaginary future world of ‘San Junipero’ teaches us that a rethinking of platform contracts should encompass questions on dignity and identity protection as well, both during life and after death. Human rights, in particular Articles 7 and 8 of the Charter, it was suggested here, offer a basis for rethinking what a comprehensive right to identity could look like. In conclusion, a radical reform of social media contracts should consider which limits are posed to platforms’ contractual power in light of individual users’ interest to freely develop their online personalities and narratives of their lives, as well as a more general societal interest in protecting their memories.
Auch wenn der Artikel sich primär dem Vertragsrecht für S