26 February 2020

Estate Planning: Your Digital Footprint

This article looks at what happens to your digital assets after your death and considers any actions you can take to safeguard against any misdirection of assets, or loss of sentimentally or financially valuable materials. It will consider service providers’ responsibilities to users, and their likely approach to certain scenarios, as well as looking toward what the future may hold.

  • Do you know what will happen to your cloud-stored photographs when you die?
  • Have you considered how your executors will know if you have any crypto-currency?
  • What can you do to make sure your information ends up in the right hands on your death?

What are digital assets?

There is much discussion of “digital assets” these days, but when it comes to inheritance, there is actually no statutory definition of the term. We tend to mean things held otherwise than in a tangible sense, including emails, photographs, and social media accounts. Like bank accounts, digital assets are often controlled by intermediaries. In the former case, this will be the bank; in the latter, an internet service provider (ISP).

When you die, your tangible assets (e.g. jewellery, cash, and cars) pass to your executors or administrators, and are distributed in accordance with your will (or the laws of intestacy). Where necessary, intermediaries will demand a death certificate or grant of probate, and then release the assets held by them. It is therefore unsurprising that many people presume that their cloud-stored photographs and other digital assets will pass to their spouse or children in the same way as a photo album might. Unfortunately, this is not always the case when ISPs are involved, and it is not always possible to ensure your loved ones are able to access your digital assets.

What’s the problem?

As far back as 2005, problems started to arise with the shift to digital storage of assets. Justin Ellsworth, a 20 year old marine was killed in combat. His father sought access to his e-mail account as it contained a pseudo-diary narrating his life, but Yahoo declared that it was contrary to the terms of service to release e-mails. It was not until his father obtained a court ruling in his favour, that Yahoo provided him with a CD of all e-mail documents.

Those digital assets were purely sentimental, as were the photos of her daughter and late husband that Rachel Thompson sought from Apple in 2015. So too were the photographs of Greek widower Nick Scandalios’s late husband. In all three of these cases, the ISPs demanded a court order before they would release the photographs.

The problem goes beyond the sentimental value of photos and e-mail content. It has previously been easy to ascertain the extent of a deceased’s assets by going through their papers. Today, someone may have numerous bank accounts or investments, the only evidence of which is in their Outlook folders (particularly when the asset in question is a crypto-currency). Additionally, for convenience an individual may hold company documents in cloud storage, which is then blocked on their death. This could have wide-ranging and worrying consequences, particularly in the case of family businesses.

Why are digital assets more tricky to deal with?

More traditional assets, such as cars or bank accounts, are dealt with under long-established laws put in place to effect the transfer of property after death. Part of the issue here is that such laws do not extend to all types of digital assets and new laws have not been introduced to fill the gap. ISPs have not yet had the time (nor the inclination) to streamline the process of accessing assets after death. Each ISP has a different procedure which must be followed, and different actions which must be taken before death (these are discussed below). It was not until 2018 that most high street banks signed up to the Death Notification Service allowing personal representatives to notify more than one financial institution at the same time of an individual’s death. Given this, and the relatively inchoate nature of the digital world, it is unsurprising that streamlined processes are not yet in place.

It is not just the practicalities of notification which make dealing with digital assets more cumbersome, but also the attitude of the intermediary. Banks will accept the will, death certificate, and grant of probate as adequate evidence of entitlement to the account, as will NS&I for Premium Bonds. In contrast, ISPs’ behaviour suggests that they may be willing only to accept a court order. However, practical considerations aside, there are two arguments raised by ISPs: privacy and contracts.


For any number of reasons, a deceased individual may not have wanted his or her spouse (or other relatives) to have access to their emails. Yet while it is necessary to remain sensitive to the wishes of the deceased or the reactions of the beneficiaries, it is not for the intermediary or the executors to determine what is or is not suitable for beneficiaries to receive.

There are also potential data protection concerns for ISPs with regard to allowing access to email accounts, particularly in light of the Cambridge Analytica scandal and other similar breaches. However, the General Data Protection Regulation 2016/679 applies only to the data of living individuals, so it is not a valid argument with which to refuse access to data of a deceased person. In addition, the German Federal Supreme Court ruled last year that Facebook’s contractual obligations to maintain confidentiality did not conflict with an heir’s right to access. It ruled that confidentiality related to the account, rather than to the user personally. Facebook could, therefore, make the correspondence available to the user account (and consequently to the heirs) without breaching its confidentiality. It should be noted that this is a German ruling, and does not form a precedent in the UK.

Terms and Conditions

The terms and conditions of Apple’s iCloud provide that “Unless otherwise required by law, you agree that your Account is non-transferable and that any rights to your Apple ID or Content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all Content within your Account deleted.” Microsoft’s service agreement prevents a user from “transfer[ring] your Microsoft account credentials to another user or entity.” These provisions are not unique to those two ISPs. This results in a frequent contradiction between the terms and conditions governing the relationship between an ISP and a user during life, and the expectations of a user as to what will happen to their data on death, a conflict that can only be resolved by a Court.

The case of Scandalios, touched on above, is interesting. The US court ruled that electronic communications would pass to the heirs only through a legitimate will, and as there was no legitimate will, the surviving spouse would have no right to such communications. However, it also ruled that photographs were not “electronic communications”, and so could pass even without a will. Accordingly, the court compelled Apple to release the photographs to the widow. It is important to note that Scandalios is a US case and so of limited use in the United Kingdom. It does, however, act as a litmus test to show the direction of thinking in terms of digital assets.

So what can you do?

One suggestion made by many online will-writing software programmes is to write down your passwords in a list and give this to your executors. This is highly inadvisable, not least because of the practicalities of keeping this updated. It presents a real security risk, and executors are unlikely to want to take on this risk. Instead, it may be more secure to sign up to a “password manager”. These are heavily encrypted software programmes which allow you to store your passwords securely, and to gain access through a long and complex password. This master password may be written down and stored in a safe, or other safe place, perhaps with your will. Clearly this still carries with it an element of risk as your password is no longer known only to you, but it is significantly more secure than the first alternative.

In addition, until the government carries out a review on the operations of ISPs in relation to probate, users should follow the in-service recommendations from each ISP in order to streamline the process for your executors, and ensure that your chosen beneficiaries receive the information you want them to have.

If you read the terms and conditions of many ISPs, you will find that they promise nothing after your death. Twitter will “work with a person authorized to act on behalf of the user”. Apple states in its terms and conditions of service as mentioned above, that upon receipt of a death certificate “your Account may be terminated and all Content within your Account deleted”, and that “any rights to your Apple ID or Content with your Account terminate upon your death”.

As a slight sweetener to this hard-line approach, some ISPs have created their own post-death processes. Often, a user may nominate an individual who will have limited access to their data after their death. However, not all ISPs make such a provision, and many simply offer an email address for executors to contact, in the hope that they may be allowed to access the data of a deceased person.

To make things as easy as possible for your executors, you may wish to review your digital assets (email accounts, cloud storage, social media) and follow each ISP’s in-service provisions dealing with the situation following a user’s death. Where ISPs do not provide for access to data after death, it may be necessary to consider retaining hard copies of vital information.

What does the future hold?

As time passes, the problem is only going to get bigger. However, it does not seem to be a current priority for the government. As more and more of our daily personal and business lives move online, we lose a level of control over them, often without realising. Until the government introduces legislation to regulate the procedures of ISPs in respect of a user’s data following their death, it is for the individual and their legal advisers to ensure that suitable planning is undertaken.

Final thoughts

It is vitally important to perform a regular health-check of all your assets, digital and otherwise, to consider what you want to happen to them after your death, and seek advice if you are not sure. If you do not do this, your executors’ job becomes significantly more challenging. We recommend that you review your will regularly, and include in this a review of all your assets, both tangible and intangible.

We will report further as the law in this area develops. In the meantime, if you have any questions in relation to the issues raised in this article, please do not hesitate to get in touch with your usual Forsters contact.

Our Insights

"Real depth of experience in art and cultural sector particularly in the context of country house collections and heritage assets."
The Legal 500 UK, 2022