INTRODUCTION
In today’s digital era, with our assets and personal data increasingly digitised, death is no longer limited to the physical world. It also extends into the realm of digital existence, where data, digital assets, and content exist without succession or control mechanisms. What happens to our online identities after we are gone is a pressing question that even the law is ill-equipped to answer.
With over 1.2 billion internet users in India,[1] the lack of legislation regarding digital legacies is no longer merely an oversight but a legal void affecting estate planning, consumer rights, and data protection. As these challenges grow, a comprehensive framework governing posthumous digital rights is not only relevant but also urgent.
WHAT IS DIGITAL LEGACY?
A digital legacy is the digital information available about someone following their death.[2] It includes social media accounts, email, digital wallets, cryptocurrency, online banking, cloud storage, software licenses, websites, intellectual property, digital artwork, writings, music, or other online content.
WHAT HAPPENS TO OUR ONLINE LIFE AFTER WE DIE?
In theory, our online accounts die with us, but in reality, that isn’t the case.
Most platforms do not take into account Indian inheritance laws. Technically, if someone knows our Instagram password, they could secretly log in, download pictures, or even delete the account. Still, there is a grey area between practicality, ethics, and the law. Indian law does not recognise digital heirs or executors, so even close relatives with access may violate platform policies, user privacy, or the IT Act.
Sections 43[3] and 66[4] of the IT Act classify using someone else’s credentials posthumously as illegal.
CURRENT LEGAL FRAMEWORK IN INDIA
Currently, India lacks comprehensive legislation addressing digital assets in inheritance and succession.
TRADITIONAL SUCCESSION LAWS
India’s succession laws are primarily governed by religious personal laws.
Neither the Hindu Succession Act, 1956,[5] dealing with the inheritance of both movable and immovable property, nor the Indian Succession Act, 1925[6], regulating the distribution of intestate property and testamentary succession, recognises digital assets like emails or e-wallets.
“Movable property” under s.2(e) only refers to tangible items[7]. Most wills also do not mention digital legacies at all.
Muslim succession under Shariat also lacks clarity on digital assets without any statutory or formal will-based bequest (wasiyat).
INFORMATION TECHNOLOGY ACT, 2000
The IT Act states that data must be protected, but it cannot be inherited. It neither recognises digital wills and executors nor provides a framework for digital succession or posthumous data rights.
CONSTITUTIONAL PERSPECTIVE
Article 21 protects the Right to Privacy as a fundamental right[8], which was extended to informational privacy in Justice K.S. Puttaswamy v. Union of India (2017)[9], raising an important question: Does the right to privacy survive death?
If dignity is protected after death (Paramanand Katara v. Union of India[10]), then logically, privacy, which is inextricably linked to dignity, must also be protected.
However, the judiciary has taken a restrictive view, suggesting privacy, publicity, and personality rights do not endure after death.
In Deepa Jayakumar v. A.L. Vijay & Ors.[11], the Madras High Court ruled that the right to privacy ends with death and cannot be inherited by their surviving legal heirs citing actio personalis moritur cum persona (personal action dies with the person).[12][13]
Similarly, in the late actor Sushant Singh Rajput’s case[14], when his father sought an injunction against a film based on his son’s life,[15] the Delhi High Court held:
“…the rights ventilated in the plaint, that is, the right to privacy, the right to publicity and the personality rights which vested in Sushant Singh Rajput, were not heritable. They died with his death…”[16]
LEGAL GAPS AND CHALLENGES
JURISDICTIONAL ISSUES
Most digital service providers operate in foreign jurisdictions with U.S. law governing disputes. The platform’s privacy policies and Indian succession laws clash due to the Indian legal infrastructure’s struggle with cross-border digital assets.
DEFINITION AND CLASSIFICATION CHALLENGES
Indian laws do not define or recognise digital assets as inheritable property. Without a clear classification of “movable property”, “actionable claims” or “intellectual property”, probate procedures are difficult. Even the Digital Personal Data Protection Act, 2023, does not specify what happens to a deceased person’s data or acknowledge personal data as inheritable.[17][18]
ENFORCEMENT CHALLENGES
Though electronic records are admissible evidence under Section 65B of the Indian Evidence Act, 1872[19] (Dharambir v. CBI[20]), police or courts may struggle to access records of a deceased due to privacy policies or jurisdictional limits.
Admissibility does not guarantee accessibility.
FROZEN FUNDS
Private digital wallets lack uniform succession policies. In most cases, transfers are made upon the submission of a death certificate and KYC documents[21], but sometimes, the money is stranded due to a lack of legal instructions or next-of-kin verification.
The situation is worse with cryptocurrencies, governed by private keys and no “forgot password” option. If a person dies without disclosing their private keys or wallet credentials, the assets are lost forever.[22]
Cryptos are not explicitly recognised under Indian succession law, so ownership may be contested in probate. Without proper declarations, it could result in inheritance or capital gains tax.[23] Accessing cryptocurrency without a court’s approval is interpreted as theft or misappropriation.
CYBERSECURITY RISKS
Unattended digital accounts are vulnerable to hacking, impersonation, or data theft. Unregulated access or attempts to recover data create cybersecurity threats. Families resorting to phishing or illegal hacking to access digital data may face criminal liability under the IT Act.[24]
PLATFORM RESPONSE
While Indian laws remain silent on this issue, tech platforms have their privacy-centric unilateral policies.
Facebook allows changing profiles to a tribute (memorial) page with minimal personal details, upon receiving proof of death.[25] It’s “legacy contact” feature lets users appoint someone to manage their account or opt for permanent deletion after death.[26]
Instagram and Twitter also follow similar policies, allowing users to memorialise or deactivate accounts upon valid proof of death. They, however, do not provide actual access to the content.[27][28]
Google’s Inactive Account Manager[29] allows users to choose trusted contacts who can receive specific data if the account becomes inactive. In the absence of such a setup, family members can request data, but access is discretionary and limited.[30]
INTERNATIONAL PRECEDENTS
United States: There is no single federal law governing digital legacies. Each state has its model law.
Adopted by over 46 states, the Revised Uniform Fiduciary Access to Digital Assets Act 2015 grants executors and trustees access and management authority over digital assets as part of estate administration if explicitly allowed in a will.[31]
Germany: Digital accounts are inheritable property.
The Federal Court of Justice (BGH) in the historic Facebook Case (2018) ruled that parents could inherit their deceased daughter’s Facebook account, treating it like letters or diaries, emphasising that under the German Civil Code (BGB), users and social media platforms have inheritable contractual obligations.[32]
France: France has one of the most advanced statutory frameworks for posthumous data rights, recognising digital inheritance and allowing next-of-kin access upon death with proper paperwork. Article 85 of Loi Informatique et Libertés (French Data Protection Act) allows individuals to set guidelines regarding the use, preservation, and deletion of their data after death.[33]
Digital Personal Data Protection Rules, 2025 (draft)
The proposed Digital Personal Data Protection Rules, 2025 (DPDP Rules) aim to introduce important provisions related to the management of digital accounts after death.
Rule 8(1)[34] of the draft states that unless otherwise required by law, data fiduciaries must delete the principal’s data if he/she does not exercise their rights or there is no activity on the platform for a certain specified period.[35]
Furthermore, both the proposed draft and its parent Digital Personal Data Protection Act, 2023 empower the data principals to nominate others to manage their data posthumously under Section 14 of the DPDP Act[36].
However, since platforms like Facebook and Google already offer such options, such nomination is not mandatory.
WAY FORWARD
- Recognise Digital Assets in Wills
Amended the Indian Succession Act to include “digital assets” like emails, cloud storage, and social media as inheritable property and encourage digital wills and nomination clauses. - Enact a Digital Law
Stand-alone legislation similar to the Digital Personal Data Protection Act, 2023, should be introduced to designate digital executors, permit access to online accounts after death, and require platforms to share data with legal heirs.
- Mandatory Terms for Tech Giants Exclusive to India
The terms of service of digital platforms operating in India should include legally binding, India-specific succession clauses.
CONCLUSION
India’s legal system remains stuck in the paper age. As other countries move toward codifying digital inheritance, the absence of posthumous rights in India is not merely a technical gap but a fundamental issue of rights, dignity, and control over one’s digital afterlife. Recognising digital assets as part of a person’s estate and allowing for clear nomination, access, and deletion mechanisms are no longer futuristic concerns but present-day necessities. Until clear statutes and legislative intervention are in place, individual digital estate planning remains the best way to ensure they are respected.
Author(s) Name: Nandini Shaw (Calcutta University, Jogesh Chandra Chaudhuri Law College)
References:
[1] Statista, ‘Number of internet users in India from 2010 to 2023, with estimates until 2050 (in millions)’ (Statista, 2025) https://www.statista.com/statistics/255146/number-of-internet-users-in-india/ accessed 12 May 2025
[2] Digital Legacy Association, ‘What is a digital legacy?’ (Digital Legacy Association) https://digitallegacyassociation.org/about/what-is-a-digital-legacy/ accessed 12 May 2025
[3] Information Technology Act 2000, s 43
[4] Information Technology Act 2000, s 66
[5] Hindu Succession Act 1956.
[6] Indian Succession Act 1925
[7] Indian Succession Act 1925, s 2(e).
[8] The Constitution of India 1950, art 21.
[9] Justice K.S. Puttaswamy (Retd.) v Union of India (2017) 10 SCC 1
[10] Paramanand Katara v Union of India AIR 1989 SC 2039.
[11] Deepa Jayakumar v A.L. Vijay & Ors AIR 2021 Mad 167.
[12] Deepa Jayakumar v A L Vijay & Ors OSA No 75 of 2020 (Madras HC, 10 December 2020)
[13] Anushree Yewale, ‘Posthumous Survival of Privacy & Personality Rights (Part 2)’ (The Legal 500, 11 July 2023) https://www.legal500.com/developments/thought-leadership/posthumous-survival-of-privacy-personality-rights-part-2/ accessed 13 May 2025
[14] Krishna Kishore Singh v Sarla A Saraogi & Ors [2023] IA 10551/2021 in CS(COMM) 187/2021 (Del HC)
[15] ‘Delhi HC refuses to stay “Nyay: The Justice” movie based on Sushant Singh Rajput’ LiveLaw (11 July 2023) https://www.livelaw.in/high-court/delhi-high-court/delhi-high-court-publicity-privacy-rights-injunction-telecast-movie-based-actor-sushant-singh-rajput-232548 accessed 13 May 2025
[16] Krishna Kishore Singh v Sarla A Saraogi & Ors [2023] SCC OnLine Del 3997
[17] Digital Personal Data Protection Act 2023 (No 22 of 2023), ss 14, 15
[18] Ministry of Electronics & IT, ‘Draft Rules under the DPDP Act Notified’ The Hindu (7 May 2024) https://www.thehindu.com/news/national/it-ministry-notifies-draft-rules-under-data-protection-law/article69058838.ece accessed 13 May 2025
[19] Indian Evidence Act 1872, s 65B.
[20] Dharambir v. Central Bureau of Investigation, (2008) 148 DLT 289 (Del HC)
[21] PhonePe, ‘Terms of Use of PhonePe Wallet/eGV’ https://www.phonepe.com/terms-conditions/wallet/ accessed 14 May 2025
[22] ‘Estate Planning for Crypto: What Happens When You Die’ Investopedia https://www.investopedia.com/what-happens-to-crypto-when-you-die-8721456 accessed 14 May 2025
[23]Lexology, ‘Can cryptocurrencies be included in will?’ https://www.lexology.com/library/detail.aspx?g=4663b05c-fb16-42d8-99b4-937e48e82076 accessed 14 May 2025
[24] Information Technology Act 2000, ss 66C, 66D
[25] Facebook Help Center, ‘Request to Memorialize or Remove an Account’ https://www.facebook.com/help/1111566045566400 accessed 14 May 2025
[26] Facebook Help Center, ‘Legacy Contacts’ https://www.facebook.com/help/991335594313139 accessed 14 May 2025
[27] Instagram Help Center, ‘Report a Deceased Person’s Account on Instagram’ https://help.instagram.com/264154560391256 accessed 14 May 2025
[28] Twitter Help Center, ‘Contacting X about a Deceased Family Member’s Account’ https://help.twitter.com/en/rules-and-policies/contact-twitter-about-a-deceased-family-members-account accessed 14 May 2025
[29] Google Help, ‘About Inactive Account Manager’ https://support.google.com/accounts/answer/3036546?hl=en accessed 14 May 2025
[30] Google Help, ‘Submit a Request Regarding a Deceased User’s Account’ https://support.google.com/accounts/troubleshooter/6357590?hl=en accessed 14 May 2025
[31] Uniform Law Commission, Revised Uniform Fiduciary Access to Digital Assets Act (2015)
[32] Bundesgerichtshof (BGH), III ZR 183/17, 12 July 2018
[33] Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés, art 85 https://www.legifrance.gouv.fr/loda/id/JORFTEXT000000886460/ accessed 14 May 2025
[34] Ministry of Electronics and Information Technology, Draft Digital Personal Data Protection Rules 2025, r 8(1)
[35] Rakesh Chandra, ‘Draft Digital Personal Data Protection Rules, 2025: A Critical Appraisal’ (Reflections, 2025) https://reflections.live/articles/1392/draft-digital-personal-data-rules-2025-a-critical-appraisal-article-by-rakesh-chandra-20072-m6f252sg.html accessed 14 May 2025
[36] Digital Personal Data Protection Act 2023, s 14.
