Twenty-five or so years ago the sound of dial-up modems bleeping
and blurping their way to AOL's remote servers rang out in
basements and home offices across the country. Users were eager to
join chatrooms, access their "electronic mail" and begin the
agonizing wait to load sites on the "information superhighway."
Since that time, America hasn't been able to get enough of the
Internet. As it has come to permeate every moment of our lives,
from mobile email to wearable devices that track the quality of our
sleep, we now have to consider the practicalities and legal
consequences of dying in the digital age. The creation and
dissemination of digital information - records, messages, images
and histories - is the overriding function of a consumer's
interaction with the Internet. What happens to the remnants of our
online lives when our physical life has ended? How can our loved
ones access this information, and do we want them to see it all or
merely some of it? These are difficult questions to which there are
no concrete answers.
Only a few states have passed legislation dealing with fiduciary
access to so-called "digital assets." This legislation is
relatively limited and generally applies only to personal
representatives (some state statutes are more limited than others,
for example the Virginia law only applies to personal
representatives for estates of minors). However, the Uniform Law
Commission has recently weighed in, with a comprehensive law known
as the Uniform Fiduciary Access to Digital Assets Act (UFADAA). The
commission recommends enactment in every state. To date, Delaware
is the first and only state to adopt UFADAA. This article will
provide a brief overview of the various problems associated with
defining, owning and accessing digital assets; the ways in which
UFADAA proposes to solve the access problem, and some steps
planners can take to prepare for state legislation.
Problems
Digital assets present themselves in a multiplicity of forms.
There are digital account numbers, log-in information, photographs,
videos, emails, and documents. There are your "likes" on Facebook
and Instagram, web search histories and "cookie" data, including
information about your browsing and shopping history. There is
digital media, such as e-books, movies and music from Apple,
Amazon, Google and others. There is even digital currency,
including bitcoin and other electronic "cryptocurrencies."
Given this varied taxonomy, UFADAA's definition of a digital asset
("a record that is electronic") is necessarily broad. The act
defines the term "record" as information inscribed on a tangible
medium or stored by electronic or other means. The definition does
not include the underlying asset or liability, unless the
underlying asset itself is an electronic record. The definition of
a digital asset is therefore not limited to information that may be
considered valuable to a decedent's estate. Personal emails and
other messages, images, videos and other files, and comments,
"likes" and browser histories all fall under UFADAA's broad
definitional umbrella.
Massachusetts law currently includes digital assets as property of
a decedent's estate. The problem that requires new legislation
arises when digital assets are stored remotely, using products or
services operated by third parties that UFADAA refers to as
"custodians." Access to assets that are created, transmitted or
stored on specific services (think Facebook, Gmail or Flickr) is
governed by the agreement (generally, an end-user license
agreement, or EULA) entered into by the user at the time of account
creation. These agreements generally govern the ownership rights
over the assets created by the user's interaction with the account,
and the right of the owner to assign access rights over the account
or delegate access to the account to another individual. Very
generally, EULAs controlling access to online services include
provisions that serve to limit access to the individual user. Such
agreements often state that rights of access are non-transferable
and terminate at the user's death. Giving a password (and hence
access) to another person very often violates the EULA and is
grounds for termination of the account.
EULAs often additionally provide that users retain ownership of
and intellectual property rights to content submitted to or created
through the account. Facebook, for example, includes such a
provision in its terms of service agreement. Users are therefore
free to copy, transmit and remove content from such services
(assuming the user owns the underlying rights to such
content).
UFADAA does not override substantive intellectual property or
contract law, except to vest fiduciaries with authority to access,
control or copy digital assets of a decedent. Thus, the decedent
must possess a right or interest in the property that the fiduciary
seeks to access.
The purchase of an e-book, digital audio or video file, for
example, is generally not the acquisition of ownership rights, but
of a license agreement granting the right to use the file. Digital
media EULAs (for books, music, movies, etc.) such as Apple's
iTunes, Amazon and Google Play generally provide that the license
granted is non-transferrable. Music enthusiasts who are eager to
pass on their digital collection may therefore be prevented from
doing so. The nature of the problem with this kind of digital asset
is therefore not that the asset is digital in nature, but that it
is not an asset in the traditional sense. In estate planning terms,
this kind of digital asset may be more like a digital life estate
than a fee simple interest. UFADAA does not override this feature
of many digital media licenses. The act does not make property
"descendible." The fiduciary is granted no more and no fewer rights
than the account holder had, acting individually. Therefore it does
not affect the non-transferrable nature of licenses involved in the
purchase of digital media, such as music, movies, and books.
The distinction between ownership and access creates a catch-22:
while users often retain ownership of the digital assets contained
within digital accounts and such property is considered part of the
user's estate, fiduciaries and heirs are often denied access to
these accounts to retrieve and distribute digital assets following
the user's death.
Solutions
While the problem with access (and by whom) is currently being
hashed out in the courts, the UFADAA is squarely aimed at this
catch-22, by allowing fiduciaries to "step into the shoes" of the
account holder.
UFADAA applies to personal representatives, attorneys in fact,
court appointed conservators and guardians, and trustees (referred
to collectively as "fiduciaries"). Through the act, fiduciaries act
as representative agents of the account holder, and as such, access
by the fiduciary is not considered a transfer, assignment or other
use that would violate a EULA restricting access only to the
originally authorized user.
To gain access to accounts, fiduciaries must send a certified copy
of the appointment, power of attorney or trust certification that
grants the individual the power to manage digital assets to the
custodian of the asset, requesting access to the account. If the
custodian fails to comply within 60 days, the fiduciary may apply
to the court for an order directing compliance.
The power to access digital assets is not a blanket right for
fiduciaries. UFADAA does not override an individual's explicit
choice to limit access to digital assets. Thus, if an account owner
agrees to limit fiduciary access in an affirmative act separate
from his or her agreement to the other provisions of the EULA, then
that limitation will override the UFADAA provisions granting
access.
While UFADAA solves our catch-22 issue, so far it's only been
enacted in Delaware. While we're waiting for legislation in
Massachusetts, there are a number of practical steps clients can
take as stop-gap measures.
Firstly, the estate planning process should include a digital
audit. Clients should be encouraged to lay out each and every
important online account they have, and securely save the login
information for each. This can be done using 20th century pen and
paper, or through a number of online services that are designed as
password managers, with the ability to name fiduciaries to gain
access upon death or incapacity. This list should be kept up to
date as passwords and accounts change.
Additionally, estate planners should prepare for UFADAA by
inserting language into trusts and powers of attorney that
authorize fiduciaries to access and manage digital assets. Clients
with privacy concerns may also wish to designate specific services
to which they do not want their fiduciaries to be granted access.
While language in estate planning documents may not be honored by
service providers until UFADAA is enacted more broadly, clients
will not have to revise estate planning documents in the future.
Additionally, it's useful to note that UFADAA may not have to come
to all states to be applicable. If it is adopted by even a majority
of states, account custodians may change EULAs to mimic UFADAA's
terms. Additionally, language should be added to documents that
clarifies the principal or grantor's consent for the fiduciary to
access data stored on local electronic devices.
Grantors who intend to acquire large libraries of digital media
may also want to consider purchasing these assets in the name of a
trust, which would potentially make such media descendible.
As the web's digital tendrils have come to entwine themselves
around a greater share of our lives, clear gaps within existing
legislation have emerged. The overriding purpose of UFADAA is to
fill the gap that is presented by the distinction between ownership
of digital assets and the fiduciary's need to access those assets
to perform his or her fiduciary duties. The Uniform Act appears to
address this problem simply, and with minimal impact on existing
law. UFADAA may not solve all of our digital woes, but its
widespread enactment would provide much-needed clarity in an
increasingly important area.