Skip to main contentScroll Top

DIGITAL LEGACIES AND THE LAW: REGULATING IDENTITY, DATA, AND ASSETS AFTER DEATH

Death has always generated legal consequences, such as the transfer of property, the closure of contracts, and the distribution of estates. What it has not historically generated is a body of law

INTRODUCTION

Death has always generated legal consequences, such as the transfer of property, the closure of contracts, and the distribution of estates. What it has not historically generated is a body of law capable of dealing with what a person leaves behind in digital form. A photograph album could be bequeathed in a will. A diary could be burned or preserved as the family chose. But an email account, a decade of social media posts, a cloud storage drive filled with irreplaceable family photographs, a cryptocurrency wallet, a library of purchased digital music, none of these fit neatly into the categories that inheritance law developed over centuries to manage.

This article examines how courts and legislatures across key jurisdictions have begun to answer those questions, where the law still fails the people who most need clarity, and what a coherent legal framework for digital death might look like.

THE NATURE OF DIGITAL ASSETS AND THE PROPERTY QUESTION

Physical assets are property because they are, broadly, things that can be possessed, transferred, and excluded from others. Digital assets test each of those qualities.

While English law increasingly recognises digital assets as inheritable property, personal data warrants different treatment. Unlike crypto-assets, personal data embodies privacy, autonomy, and relational interests extending beyond economic value. Permitting unrestricted succession of messages, health records, or browsing histories may undermine the deceased’s dignity and affect third parties. Consequently, inheritance law should distinguish transferable digital assets from non-transferable personal data.

COURTS CONFRONTING DIGITAL DEATH

The Ellsworth and Ajemian Lines of Authority

One of the earliest cases addressing digital inheritance was In re Estate of Ellsworth (2005)[1], where a Michigan probate court ordered Yahoo! to provide a deceased Marine’s email contents to his parents despite objections based on the Stored Communications Act and contractual terms. While the decision adopted a compassionate and practical approach by treating the estate as standing in the deceased’s place, it left unresolved the precise legal basis for posthumous access and the extent to which privacy rights survive death.

More than a decade later, Ajemian v Yahoo! Inc.[2] reaffirmed that estate administrators could provide “lawful consent” for disclosure under the Stored Communications Act. The decision extended traditional fiduciary principles to digital accounts and highlighted the influence of platform terms of service. However, it left unresolved the broader question of whether heirs possess an independent legal right to access and control a deceased person’s digital communications.

The German Facebook Judgment

Perhaps the most analytically sophisticated judicial treatment of digital succession came from Germany. A significant development emerged from Germany’s Federal Court of Justice (Bundesgerichtshof) in 2018, which held that a deceased teenager’s Facebook account passed to her parents as part of her estate.[3] The Court treated digital communications analogously to letters or diaries, applying ordinary inheritance principles rather than creating a special regime for digital assets. However, while the decision clarified the transmissibility of digital accounts, it left unresolved broader questions concerning the privacy interests of third-party correspondents and the treatment of highly personal data after death.

Platform Governance and Its Limits

Where courts have been cautious, platforms have, for commercial and reputational reasons, developed their own policies. Facebook introduced memorialisation protocols and a “legacy contact” feature. Google launched an Inactive Account Manager. Apple, following years of criticism, announced a Digital Legacy feature in 2021, allowing users to designate beneficiaries for their data. These are private arrangements, not legal entitlements, and they share a common weakness as they vest governance of the deceased’s digital estate in the platform rather than in law. A company can change its terms, close down, or make inconsistent decisions. The law, at least in principle, does not.[4]

DATA PROTECTION LAW AND THE DEAD

One might expect data protection law to provide a framework for posthumous data rights, but it largely does not. The UK GDPR(General Data Protection Regulation) and EU GDPR apply only to living natural persons.[5] Consequently, personal data loses its protected status upon death, despite often containing highly sensitive information such as medical records, communications, and financial histories. Some jurisdictions have sought to address this gap. France, for example, allows individuals to leave instructions concerning the management of their personal data after death, creating a form of digital testamentary right.[6] The United Kingdom, however, lacks a comparable and coherent framework governing posthumous data protection.

The Administration of Estates Act 1925 governs the distribution of a deceased person’s estate in England and Wales, but it was never designed for intangible digital content.[7] A personal representative administering an estate has no clear statutory authority to demand access to a deceased’s cloud storage, email archive, or social media profile from a platform incorporated overseas and governed by foreign law. The practical result is that the wealthiest and most technically sophisticated estates can usually navigate the gap; everyone else cannot.

The absence of posthumous data protection does not mean that all legal safeguards disappear at death. Limited protections may still arise through the law of confidence,[8] contractual obligations in platform terms of service, and the privacy interests of living third parties whose communications appear in a deceased person’s records.[9] Professional duties of confidentiality, particularly regarding medical and legal information, may also continue after death.[10] However, these protections are fragmented and indirect, providing no comprehensive substitute for the data protection rights enjoyed during life.

PERSISTENT LEGAL CHALLENGES

The Terms of Service Problem

Most digital accounts are not owned by their users. They are licensed, conditionally and revocably, under terms of service that typically prohibit transfer. When the account holder dies, the licence, on a strict reading of the contract, terminates. This means the contents of the account, such as emails, documents, and photographs accumulated over the years, may not form part of the estate at all.

Cryptocurrency and Practical Inaccessibility

Digital assets with direct economic value raise particularly acute succession challenges. Cryptocurrency held in a self-custodied wallet can be accessed only through a private key. Where the deceased fails to disclose that key or make succession arrangements, the assets become effectively unrecoverable. Unlike conventional bank accounts, no court or intermediary can compel a blockchain network to restore access. The scale of this problem is significant: Chainalysis estimated that between 2.78 and 3.79 million Bitcoins may be permanently lost due to inaccessible private keys.[11] While law cannot overcome cryptographic barriers, it can encourage prudent estate planning and digital succession mechanisms.

Cross-Border Complexity

Digital estates frequently transcend national borders, with online accounts, cloud storage, and digital assets governed by different legal systems. While no international instrument specifically addresses digital succession, established private international law principles provide some guidance. Decisions such as Google LLC v CNIL demonstrate judicial sensitivity to the territorial limits of digital regulation,[12] while Facebook Ireland Ltd v Schrems highlights the challenges posed by cross-border data governance.[13] Nevertheless, the fragmented nature of digital estates continues to create uncertainty, underscoring the need for a coherent international framework governing succession in the digital age.

CONCLUSION

Death has always unsettled legal systems, but because each generation invents new kinds of property that require the categories of succession law to stretch. Digital assets are the current test of that elasticity, and the law is passing it, but barely.

The solution is not technically complex. It requires a statutory definition of digital assets capable of encompassing both the economic and the personal, clear succession rules that treat platform contracts as transmissible by default, a national framework for posthumous data rights to replace the GDPR’s silence on the subject, and international cooperation to handle the cross-border dimension. The legal infrastructure of death has been updated many times before. It needs updating again.

Author(s) Name: Priyam Pratik (Allahabad University, Faculty of Law, Main Campus)

References:

[1] In re Estate of Ellsworth [1993] 158 B R 856 (M D Fla 1993)

[2] Ajemian v Yahoo! Inc [2017] 84 NE 3D 766 (Mass 2017)

[3] Dr Alexander Hardinghaus et al., ‘German Federal Supreme Court: Facebook account passes to heirs’ (Lexology, 12 July 2018) <https://www.lexology.com/library/detail.aspx?g=1adb5f82-e5f7-4ecc-9c68-1d98f84854e6&__cf_chl_f_tk=iBVVzfkmKI.7SBQXeRCkVFL_xNDqxtXyoABjmDuI06I-1782891779-1.0.1.1-WbwoVodHNpLwBY2SmHoFujp4sfaJDhjACoztfN6VhC4> accessed 05 May 2026

[4] Edina Harbinja, ‘Post-mortem privacy 2.0: theory, law, and technology’ (2017) 31(1) International Review of Law, Computers & Technology 26 <https://www.tandfonline.com/doi/full/10.1080/13600869.2017.1275116> accessed 05 May 2026

[5] Data Protection Regulation 2016

[6] Loi n° 2016-1321 du 7 octobre 2016 pour une République numérique (France), art 63 <-is this citation correct?

[7] Administration of Estates Act 1925 (UK), s 1

[8] Attorney General v Guardian Newspapers Ltd (No 2) [1990] 1 AC 109

[9] Campbell v MGN Ltd [2004] UKHL 22

[10] General Medical Council, Confidentiality: Good Practice in Handling Patient Information (2024); The Code of Conduct for Barristers in England and Wales (5th edn, Bar Standards Board 2026) r C15

[11] Jeff John Roberts and Nicolas Rapp, ‘Exclusive: Nearly 4 Million Bitcoins Lost Forever, New Study Says’ (Fortune, 25 November 2017) <https://fortune.com/2017/11/25/lost-bitcoins/> accessed 11 June 2026

[12] Google LLC v Commission nationale de l’informatique et des libertés (CNIL) [2019] Case C-507/17 (ECLI:EU:C:2019:772)

[13] Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems [2020] Case C-311/18 (ECLI:EU:C:2020:559)