Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Anita Fineberg Step 2012 Branch Sept. 19. 12
Similar to Anita Fineberg Step 2012 Branch Sept. 19. 12 (20)
Anita Fineberg Step 2012 Branch Sept. 19. 12
- 1. DISPELLING THE MYTHS: THE IMPACT OF PRIVACY RIGHTS ON DIGITAL ASSETS Anita Fineberg, LL.B., CIPP/C STEP PRESENTATION September 19, 2012 STEP Toronto Page 1
- 2. Agenda The Myths #1 The expectation of privacy of a deceased person dies with that person #2 No one could make a breach of privacy claim as a result of an executor’s alleged breach of the of the privacy rights of the deceased #3 The location of the physical device of the deceased determines the privacy laws that may apply #4: An executor has the right to all digital assets of the deceased as the property of the estate #5: In the absence of specific direction from the deceased, it is relatively easy for an executor to gain access to digital accounts #6: Social media assets accessed or controlled by employees form part of an employee’s estate upon their death Conclusions Questions Contact Information Reference Material: Accessing Online Accounts of a Deceased STEP Toronto Page 2
- 3. Myth #1: The expectation of privacy of a deceased person dies with that person The Facts • Canadian privacy law affords protection to personal and personal health information of individuals after their death • There are exceptions for the collection, use and disclosure of personal information solely for personal or domestic purposes: “non-commercial activities” STEP Toronto Page 3
- 4. Myth #1: The expectation of privacy of a deceased person dies with that person The Facts • In the context of a deceased’s “commercial activities” • Canadian private sector law is not clear STEP Toronto Page 4
- 5. Myth #2: No one could make a breach of privacy claim as a result of an Executor’s alleged breach of the of the privacy rights of the deceased The Facts • Privacy concerns are frequently raised to advance other claims • Disputes over the deceased’s commercial activities may be “cloaked” as a breach of privacy claim STEP Toronto Page 5
- 6. Myth #3: The location of the physical device of the deceased determines the privacy laws that may apply The Facts • Neither the physical location of the hardware, nor the geography in which the information was created are determinative • Lawson v. Accusearch Inc. STEP Toronto Page 6
- 7. Myth #4: An executor has the right to all digital assets of the deceased as the property of the estate The Facts • Privacy rights of a deceased may act as a barrier to access to the digital assets of a deceased • Absent a court order, electronic service providers (ESPs) are under no legal obligation to cooperate with an Executor to provide access to a deceased’s digital assets STEP Toronto Page 7
- 8. Myth #4: An executor has the right to all digital assets of the deceased as the property of the estate The Facts • Currently no Canadian laws address this issue • Facebook v. Stassen • A number of U.S. states have enacted legislation which specifically addresses a deceased’s digital legacy; e.g. Rhode Island, Connecticut (email accounts);Indiana (“electronically stored documents of the deceased”2007);Idaho and Oklahoma • Uniform Law Commission Study Committee on fiduciary power and authority to access digital property and online accounts during incapacity and after death STEP Toronto Page 8
- 9. Myth #5: In the absence of specific direction from the deceased, it is relatively easy for an Executor to gain access to digital accounts The Facts • All are different in terms of the manner in which they “balance” the privacy rights of the deceased and the responsibilities of an executor: • Processes are difficult to locate on the site • How they deal with accounts of deceased individuals • Information required to submit an application • The information that may be provided • To whom the information may be provided; e.g. a representative of the estate or a beneficiary STEP Toronto Page 9
- 10. Myth #5: In the absence of specific direction from the deceased, it is relatively easy for an Executor to gain access to digital accounts The Facts • Clarification of rights of executors required to meet privacy and other challenges to address deceased digital legacy STEP Toronto Page 10
- 11. Myth #6: Social media assets accessed or controlled by employees form part of an employee’s estate upon their death The Facts • Privacy policies and/or site Terms of Use apply to the individual use of the site • Complex issues that may not be addressed by legislation, corporate policies or social media terms of use • Issues relate to: • Ownership of the account (PhoneDog v.Kravitz, 2012) • Content posted to the account • Ownership of relationships (Eagle v. Morgan, 2011) STEP Toronto Page 11
- 12. Conclusion • Both privacy laws and site privacy policies and/or terms of use may act as a “barrier” to an executor’s access to digital accounts and assets • Policy questions remain to be addressed • Distinction between “non-commercial” and commercial uses of personal information • Highlights the need for proactive digital estate management STEP Toronto Page 12
- 13. Questions? STEP Toronto Page 13
- 14. Contact Information Anita Fineberg, LL.B., CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc. 416.762.4583 (B) 416.565.5007 (C) afineberg@sympatico.ca http://www.linkedin.com/in/anitafineberg Privacy by Design Ambassador STEP Toronto Page 14
- 15. Accessing Online Accounts of a Deceased LinkedIn: • can inform about user’s death but cannot ask to provide you with account details or transfer the account to you • reporting the death – verification of death form requires the deceased’s email address http://help.linkedin.com/app/answers/detail/a_id/2842 • account gets closed • no references to access by Executor STEP Toronto Page 15
- 16. Accessing Online Accounts of a Deceased Twitter • when advised of a user’s death, digitalizes all public tweets and provides them to the beneficiary before closing the account • need to provide username and twitter username, copy of death certificate; government-issued ID • signed, notarized statement with required information • the account is not transferred; public tweets are provided • https://support.twitter.com/articles/87894-how-to-contact- twitter-about-a-deceased-user STEP Toronto Page 16
- 17. Accessing Online Accounts of a Deceased Facebook • does not close or transfer the account; “memorializes” the account so that Facebook friends of the deceased may log in to post messages • advise Facebook of user’s death , but need to know the Facebook URL and email ID of the deceased • http://www.facebook.com/help/contact/? id=305593649477238 • “We also may close an account if we receive a formal request that satisfies certain criteria.” STEP Toronto Page 17
- 18. Accessing Online Accounts of a Deceased Microsoft Hotmail • to access account of deceased relative • Microsoft will provide access after six months • http://answers.microsoft.com/en- us/windowslive/forum/hotmail-profile/my-family- member-died-recently-is-in-coma-what-do/308cedce- 5444-4185-82e8-0623ecc1d3d6 STEP Toronto Page 18
- 19. Accessing Online Accounts of a Deceased Google • may or may not provide relatives with access to deceased’s emails • http://support.google.com/mail/bin/answer.py? hl=en&answer=14300 • as of March 1, 2012, Google changed its privacy policy and terms of service so that one now covers multiple products and services STEP Toronto Page 19
Editor's Notes
- Good afternoon – thank Elena for inviting me her to speak today. Erin has addressed such issues as Why should we care? What is the law? What is the difference between digital assets vs. accounts and what steps you should take to protect your virtual estate. I’ll speak to privacy issues that an Executor may encounter in protecting a virtual estate as Erin has described. I’ll continue to use Erin’s important distinction between digital accounts vs. digital assets. A few examples of things to keep in mind re: why an Executor or someone else may want to access digital assets and their value which may not be financial - spouse passing away without leaving surviving spouse the userID and password for bank accounts to Facebook accounts where parents want to know why their child committed suicide. Value can be concrete – e.g. Twitter followers or Facebook “likes” for an online company; or emotional as noted; interesting in the context of the sale of a business re: “goodwill”. Paypal accounts with balances
- My objectives are to: (i) dispel some commonly held myths related to privacy, death and a deceased’s digital accounts and assets, from both the perspective of privacy legislation and privacy policies of some common sites. The “myths” are actually derived from statements and comments made by some individuals in their discussions of digital estate planning.
- This myth is actually a quote from the case of R. v. Sanderson, decided by the then Ontario Court of Justice in 2000. I have heard it used by counsel to claim that privacy issues are ireelevant in the discussion of digital estates. The facts are that Canadian privacy aws must be considered. Canadian privacy laws fall into 3 categories: (i) those that deal with information in the private sector – we have federal and provincial laws; (ii) those that apply in the public sector – such as government; and (iii) in some provinces those applicable to personal health information in both the public and private sectors. It is the private sector laws that will generally apply when dealing with digital accounts and assets. These laws apply to what we call personal information (PI) or personal health information (PHI). And what we see is that this is most commonly defined as “information about an identifiable individual”. There is no reference to whether the individual has to be living, unlike the situation in laws related to PHI. So I think it fair to say that both account information, as well as the information contained in the online files of the deceased will fall within this definition. Based on these exceptions – any pi, such as emails, that are held on a personal computer used exclusively for the deceased’s personal use may thus be accessed by the estate trustee, assuming they know the user ID and password. . This general statement needs to be qualified depending on the jurisdiction (federal or provincial); type of information (personal or PHI) or public or private sector as they are different providing that privacy exists for e.g. 20 or 50 years after death. However, do not assume on the basis of legislation e.g. The BC FOIPA re: personal information of a deceased may be accessed by the deceased’s personal representative that this applies across the board
- But what if the exception doesn’t apply – the deceased has run their business from their personal laptop? Does the executor have the right to access that information that may include the personal information not only of the deceased, but of their employees, and potentially their clients and others? Most public sector privacy laws provide such as BC’s Freedom of Information and Protection of Privacy Act does that rights of access to personal information may be exercised by a deceased’s nearest relative or personal representative. However private sector legislation does not afford such rights to an executor. or other representative.
- I have been asked who is going to claim damages as a result of an executor’s alleged breach of the deceased’s privacy rights? Fair question – however, as is frequently the case alleged infringement of privacy rights may be used to advance another claim. For example, in this case in a dispute over the assets of the deceased’s business, or between the deceased and an employee creative counsel may well claim that the executor did not have the authority to access the personal information in the first place. It is very important to note that under Canadian law a breach of privacy claim need not be brought by the individual whose personal information was allegedly accessed without the proper authority – anyone can raise the issue.
- If we assume that we are considering the application of privacy laws to online content, one of the most vexing questions is to determine what laws apply – as you can appreciate in the online world, information knows no boundaries. So if a deceased created the information in may different places, the physical device is located in Canada but the company; e.g. Facebook is located elsewhere (the US) do Canadian privacy laws even enter into the picture? Like numerous digital issue law is somewhat unsettled. However in the Lawson case [2007] 4FCR 314 the FCC held that the relevant test to determine whether the Federal Privacy Commissioner has jurisdiction under PIPEDA to investigate a complaint against a foreign-based organization is whether there is a real and substantial connection between the subject matter, the parties or the territory to Canada – determined that she did and that’s why she investigated complaints related to Facebook. However in the absence of a complaint, the extraterritorial scope f the application of Canadian privacy legislation has yet to be tested in the courts.
- This leads to the next myth – digital assets where the executor does not have access to a User ID and password, and where a site privacy policy or terms of use will govern the executor’s right to access the information of the deceased. Many ESPs have no testamentary policies so conflict- practically how the executor will find the assets, gain control and transfer to the beneficiary
- This is where 2 conflicting principles come into play: (i) heirs to the estate should have full access to digital accounts; vs. (ii) online services have a responsibility to protect their users’ privacy, even after death Facebook v. Stassen: son committed suicide; parents wished to access emails and social media posts in an attempt to discover why. Gmail and Facebook were concerned about son’s privacy and denied access. Parents got court orders: Google complied but Facebook did not, continuing to maintains son’s privacy. In June of this year the Stassen’s got a court order ordering Facebook to provide all the contents of their son’s Facebook account to them but as far as I’m aware Facebook has not complied. The US laws addressing this issue vary with respect to their scope. No information re: thoughts of Canadian laws being enacted to deal with this issue
- As described in the Stassen case, this is clearly a myth. If the Executor does no know the deceased’s user ID and password for some common social media sites it can be a daunting task. Rather than taking the time to go through this issue now, I have included, as a reference, some summary information and web links on how some common sites – LinkedIn, Twitter, Facebook, Google, Microsoft Hotmail – deal with this Regardless in all cases may be overridden by a Court Order
- As you’ll see when reviewing the processes, it is not an easy task and sometimes it is impossible.
- While in the cases cited here the former employees are still alive, will be an issue when the employee is deceased and, in addition to the issues raised in these US cases, if arose in Canada, would likely have privacy issues as well because in Canada employees generally have more privacy rights than those in the US.. So in Canada, will arise re: information held on a computer owned by the deceased’s employer. Component parts of such accounts: i) user information; e.g. account’s username and password; ii) user-generated content (UGC) such as pictures , links to a user’s profile and profiles of others; iii)relationships that users have with other users. PhoneDog v. Kravitz – an employee attracted 17.000 followers to his employee-affiliated Twitter account, which was used to distribute information related to the employer’s business. When his employment at the company ended, the now former employee changed the Twitter account’s username and password – effectively converting it to a personal Twitter account – instead of relinquishing the account as requested by the employer. Employer sued former employee to get the Twitter account back Ownership of relationships: Eagle v. Morgan – dispute over former employee’s LinkedIn connections after the employee’s termination. Profile was in the name of the former employee but other employer personnel helped maintain the content and connections.. Employer alleged that former employee wrongfully misappropriated the LinkedIn Account when, after termination, he changed the password and denied the employer access to the account . Misappropriation claim survived a rule 12 challenge because, at least on its face, the employer had expended time and money developing and maintaining the LinkedIn connections. Both PhoneDog and Eagle cases are expected to be heard later this year
- Privacy laws well behind the digital world generally and in this area minimal consideration of the issue One of the policy questions that needs to be addressed in my view goes to the heart of privacy issues in online accounts and makes it so important for people to address these issues before they die – Stassen – private parts of a site that one did not want parents or others to access in life – why should we assume the situation is any different when the individual dies?