When people die in the real world, their online alter egos may live on, creating an unusual situation for those who only knew them through their online presence. The law is only beginning to address this limbo state, and fragmented privacy legislation provides no conclusive answer to the question of who should be allowed to access or delete someone's social networking profile or email correspondence after they die, a panel discussion at the Amsterdam Privacy Conference concluded.
When a Facebook user dies and Facebook is informed of the death, the company "memorialises" the profile, hiding features such as status updates, and allowing only confirmed friends to view the timeline and post on the profile.
Maintaining access to such a profile helps in the mourning process, said psychologist Elaine Kasket, who presented a paper on life after death on Facebook at the conference today.
"Visible conversation with a person who died and about person who died is important in the grief process," she said.
But while that may be important to Facebook friends, the family might think otherwise. If a friend for instance posts a picture on the deceased's profile showing them drunk and passed out on the floor during a party this might give solace to the poster, but family members could want to remember them in another way, said Kasket.
A wall post like this could prompt the family to ask Facebook to remove the whole profile, and in that way re-traumatise close Facebook dealing with the death, who then have to go through a second shock when they realise that the profile too is gone, said Kasket.
This raises questions about how online personal data should be handled after someone dies, but there is no conclusive answer to that in current legislation, said Edina Harbinja, a PhD student at the Law School of the University of Strathclyde.
There are laws that concern online life after death, but they are fragmented and differ by country, said Harbinja, who studied different European laws on the subject.
In Bulgaria for instance, the heirs of the deceased can exercise the rights of their family member, she said. In Estonia, meanwhile, if someone gives their consent to the processing of their personal data by an online service, that consent is presumed valid for 30 years after their death, unless they indicate otherwise during their lifetime. "Conversely, in Sweden and the UK, personal data is defined as something that belongs to the living, said Harbinja.
There is no pan-European legislation dealing with this problem yet. The draft of the European Data Protection Directive does not mention deceased's data in any context, she said. Since the legislation is so fragmented in the EU, it would be a real improvement if post-mortem privacy protection were to be introduced in the proposed regulation to enable the same level of protection for Europeans' digital data, she said.
Data protection laws aren't the only ones that can be used to protect personal data after death: copyright law can also play a role, said Damien McCallig, a PhD candidate in the School of Law at the National University of Ireland, Galway.
"Copyright offers post mortem protection," he said, but that protection eventually expires.
Current copyright laws actually promotes publication and reuse, according to McCallig. Eventually the deceased's emails, private journals or blogs, and private and direct messages on social media will be copyright free and in the possession of service providers such as Google, Yahoo, Twitter and Facebook if they still exist in the future, he said.
"Maybe you should have a time limit that automatically deletes data after a certain time," he said, adding that at the moment there is no comprehensive legal solution to regulate what should happen to someone's online data after he dies.
While copyright might offer some protection and can function as a surrogate regulation of digital remains, further research is needed to come up with a regulatory regime for online life after death, said McCallig.