What Happens To Personal Data After Someone Dies?

October 13, 2020

The emergence of a digital world that is becoming increasingly important in people’s lives has brought many challenging legal and ethical questions. When the internet was created, it was not necessarily planned to be a platform for people to store and share vast amounts of personal information – photos, emails, important documents, financial and health records.

A huge digital footprint can be left over many years of using various services and can tell you a great deal about the life of a person – where they lived, where they worked, who they liked and who they didn’t like so much (!). Our online personas do not always represent the real person at the heart of it, so could present a misleading picture of someone’s offline self. People tend not to have dusty boxes of letters and photos stored in their attics anymore, but now there are the electronic equivalents.

What happens to your online data when you die?

When the internet’s user base exploded in around the turn of the 21st century, the majority of users were younger people and the thought of what happened to online profiles and the associated personal data after someone died was not at the forefront of most people’s minds. Some reports stated that around 30 million users died in the first eight years of Facebook’s existence, and this was not something that the online world was necessarily prepared for. But many social media sites have now dedicated functions and processes to deal with a person’s information after they have died, such as adding a “legacy contact” who can manage a “memorialised” account. Google have a feature called “Inactive Account Manager”, which allows you to make choices about what happens to your information if you are no longer able to access it (for any number of reasons).

This may all sound like very morbid future planning but it can be as important as ensuring your finances and property are dealt with via a will. Accessing personal data relating to or held in a deceased person’s online account is an issue that can have real significance, whether it is to access information that could relate to a legal matter or for purely sentimental reasons. Think about information that might reveal a person was having an affair or had some other secret that was not known during their life. It can have a huge impact on their loved ones or others who knew them – there can be a lot to think about when making decisions about who you want to see this information in years to come.

Does the Data Protection Act apply to a deceased person?

Data protection legislation only applies to an “identified or identifiable natural person”, this being a person who is alive. So, in theory, many data protection obligations cease to exist once a person has died. Depending on the nature and context of the personal data, there can be an ongoing duty of confidentiality owed to the person even after they have died, with a doctor or relevant health professionals, for example. This could be of relevance with the growth of many health-related apps and online services. And in England, Wales and Scotland, the Access to Health Care Records 1990 comes into play when wanting to access such records and it is normally a patient’s personal representative (such as an executor of their will) who may be able to access certain records.

Does the personal data of relatives stay confidential?

There also needs to be thought about other people (who may still be alive) whose personal data is contained in emails, documents or photos and is within the scope of data protection legislation. Health records can reveal genetic information that may also constitute the personal data of a relative or emails may include discussion of another person. Their rights must be considered as well. But there will be vast amounts of formerly personal data relating to people who have died sitting in dormant social media or storage accounts that may never be seen or accessed.

So, companies need to consider their retention of information once an account becomes inactive. And how does a company know that someone has died at all? In most cases, they won’t know that unless they are told and many have created mechanisms for people to inform them someone has died. There is then a verification process to ensure the information provided is accurate, for example providing a will or estate letter.

Some companies in the cheerily titled “death-tech” sector are also providing solutions as a way for people to manage their online life across the numerous accounts they have and to make decisions about who you are happy to access certain information after you die. And none of the above touches on other legal considerations such as copyright ownership, intellectual property and potential libel issues, which can be equally thorny.

So, while it may not be the most pleasant of issues to deal with, it is important to think about how much of your life is held online, what you want to happen to it and who you are happy to have access to your information once you die.

We’re the experts in getting data on your good side. Find out more about our data protection offering here.

personal data
Receive our insights directly to your inbox by signing up to our newsletter

Recommended content