Delaware made history last week by becoming the first U.S. state to give a person's digital assets the same status as tangible assets where inheritance laws are concerned.
House Bill 345, the Fiduciary Access to Digital Assets and Digital Accounts Act, gives executors and heirs the same legal rights over digital assets (such as email or social-media accounts) as they have over physical assets.
However, this law only applies to Delaware residents, not to social media companies (including Facebook, Google and Twitter) which happen to be incorporated there.
Ars Technica noted that “people creating family trusts could conceivably use this Delaware law to their advantage, even without residing in Delaware.”
Presumably, various companies will have to change their policies or terms of service (at least for Delaware residents) to comply with this new law. For example, Facebook's current “Statement of Rights and Responsibilities” says this:
You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
You will not transfer your account (including any Page or application you administer) to anyone without first getting our written permission.
So even if you wanted to, for example, leave your Facebook login and password information to someone in your will (or just write it down and keep it in your safe deposit box where your executor will find it), this officially violates Facebook policy: your heir or executor couldn't even log in to your Facebook page to let your “Friends” know that you are gone.
Some privacy advocates have expressed concern over the Delaware law. Ars Technica printed a statement from Jim Halpert, director of the State Privacy and Security Coalition, who said he opposed the law because it “takes no account of minimizing intrusions into the privacy of third parties who communicated with the deceased … This would include highly confidential communications to decedents from third parties who are still alive — patients of deceased doctors, psychiatrists, and clergy, for example — who would be very surprised that an executor is reviewing the communications.”
An initial layman's glance at the text of the Delaware law suggests that it does not make any distinctions between personal and professional digital assets: for example, the personal email accounts physicians use for off-duty chats with friends, versus the professional email accounts they might use to discuss patient treatments with staff and colleagues.
Then again, Halpert went on to say that Delaware's new law “may well create a lot of confusion and false expectations because, as the law itself acknowledges, federal law may prohibit disclosing contents of communications.”
That's in reference to this bit from the text of the bill:
§ 5004. Control of digital accounts and digital assets by a fiduciary.
Except as otherwise provided by a governing instrument or court order, a fiduciary may exercise control over any and all rights in digital assets and digital accounts of an account holder, to the extent permitted under applicable state or federal law or regulations or any end user license agreement.
In that case, it appears that such digital assets as a physician's professonal email or password-protected access to a patient-records database are already exempt from Delaware's law, since federal confidentiality laws override it. Still, over the days and weeks to come it'll be worth watching to see how the tech and legal communities respond to the new law in Delaware.