At the end of September, New York became the 20th state to pass the Revised Uniform Fiduciary Access to Digital Assets Act (“RUFADAA”). The RUFADAA governs access and control to one’s digital assets upon death. In other words, the RUFADAA determines who may get access to your Google or Snapchat account after you die.
As estate law in the United States is regulated at the state level, currently no federal law specifically controls the distribution of one’s digital assets, and as such, experts expect that most states will adopt or pass some form of the RUFADAA by the end of 2017.
Although the RUFADAA has been around since 2014, most people still incorrectly assume that the distribution of all their assets, including digital assets like online photos or music, can be addressed by an ordinary will. Instead, however, digital goods are actually subject to a myriad of both federal and state laws that govern electronic communications and information. As such, many other legal contracts such as terms of service or end-user licensing agreements may also affect the access and control of one’s digital assets upon death.
Without overarching federal guidance, most legal practioners advise service providers to follow applicable provisions of the Stored Communications Act (“SCA”), which is part of the larger Electronic Communications Privacy Act (“ECPA”) of 1986. Specifically, the SCA sets forth guidelines that service providers must abide by in order to protect a user’s right to privacy online. In general, the SCA prohibits service providers or “data custodians” from disclosing the contents of an account to any third party unless a specific exception of the SCA permits such disclosure. The most well-known exception to the SCA is the “lawful consent” exception, whose use has become so notorious and varied that many joke that what constitutes as “lawful consent” varies from state-to-state and provider-to-provider.
As such, it comes as no surprise that currently, there is no uniform standard that determines how service providers handle the distribution of digital assets upon one’s death. While many service providers still fail to conspicuously address electronic privacy upon death, well-known technology companies such as Google and Facebook have begun to implement relevant policies.
For example, in response to the growing need, Google instituted an “Inactive Account Manager” setting in 2013, which allows a user to name another person as the recipient of their Google assets after a set amount of inactivity (e.g., three, six, nine, or twelve months). This tool also allows for users to request that Google simply delete their information and/or account after a pre-determined duration of inactive time as well.
In conclusion, while it is still relatively uncommon for service providers to provide users with specific options to address the distribution of digital assets upon one’s death, experts expect that as more states pass or adopt some form of the RUFADAA, these tools will become increasingly common and user-friendly.