Pasternak & Fidis Reporter

February 12, 2016

Update on Fiduciary Access to Digital Assets

Your personal representative (the executor of your will) will need to read your emails.  This may not be something you’ve thought about before, but it’s true.  You get bank statements, bills, and even tax forms delivered to you only by email.  You have automatic, recurring payments set up from your checking account each month.  You may have important information stored in the cloud.  Your personal representative must marshal and inventory all of your assets, pay bills and taxes, report to the probate court and tax authorities, and distribute your estate as you direct in your will.  She cannot do that job properly—as she is required by law to do—without all relevant information and authority to manage your digital footprint.

Under current law, your personal representative is not allowed to read your emails even if you very responsibly planned ahead and made a list of usernames and passwords for her.  Not that your list would help, anyway, when logins include security questions that only you can answer (will she know the first concert you attended; your favorite movie; the name of your first-grade teacher?) or require your thumbprint.  In fact, under current law, your personal representative is not allowed to read your emails even if you left instructions in your will expressly authorizing her to do so.  This is because access to your online accounts is governed not by you, but by the very lengthy, very restrictive terms of service (TOS) agreement that you didn’t read when you clicked “Accept” at the time you opened your account, and that TOS agreement almost certainly says that nobody (not even your fiduciary) can access your account but you—and that you don’t have the right to share your username and password with anyone.

In our Spring 2014 issue, I reported that the Uniform Law Commission (ULC) was preparing a model act to govern fiduciary access to digital assets, working closely with internet service providers to craft a workable law that would address this increasingly pressing issue.  What happened with that?  The ULC issued its Uniform Fiduciary Access to Digital Assets Act (UFADAA) in 2014.  The 2014 (original) version of UFADAA was introduced in 26 states in the 2014-2015 legislative cycle—which may be a record for the first year of a new uniform act—but it failed in all of them.  Why?

The ULC and state bar associations advocating for enactment of UFADAA were vehemently opposed by internet giants like Google, Facebook, Yahoo! and AOL.  Despite having been participants in UFADAA’s drafting efforts, the tech industry representatives ultimately did not support the resulting uniform act.  They hired lobbyists to oppose it in every jurisdiction and enlisted the ACLU and other interest groups to help them fight the bills in state legislatures.  Their cited objections were:

  • Sanctity of contract: UFADAA would have trumped the TOS agreements;
  • Federal preemption: federal electronic communications privacy laws prohibit internet providers from disclosing the content of electronic communications except with the lawful consent of the user—these laws do not explicitly state that a fiduciary can provide the user’s lawful consent on his or her behalf; and
  • Privacy: they successfully persuaded legislators that users would not want disclosure of their electronic communications to their personal representatives without express authorization from the user.

The tech industry put forward its own competing bill, Privacy Expectations Afterlife & Choices Act (PEAC Act), but the ULC and state bar associations opposed the PEAC Act because it (i) dealt only with decedents’ estates and not with guardianships/conservatorships, agents acting under powers of attorney, or trustees; (ii) required a court order in all instances, which would have put an undue burden on the judiciary; (iii) required estates (even modest ones) to indemnify multinational internet companies; (iv) dealt only with electronic communications (emails, texts, and social media posts) and not with other forms of digital property (files in cloud storage, Bitcoin, domain names, blogs, etc.); and (v) required an affirmative opt-in by the decedent in all instances.  When less than half the population bothers to make a will at all, and only a very few of those would think to include in their wills an express authorization for managing digital assets, item (v) means the PEAC Act would help in only a very, very small number of cases.

The PEAC Act was adopted only in Virginia, and only in modified form; it does require court orders and an affirmative opt-in for disclosure of email contents, and it does address only decedents’ estates and only electronic communications, but it does not require estates to indemnify tech companies.

After battling to a stalemate in the states, the ULC and the tech industry went back to the negotiating table over the summer of 2015 and reached a compromise that is supported by both sides.  That compromise is Revised UFADAA (RUFADAA).  RUFADAA deals with not only decedents’ estates, but also trusts, agents acting under powers of attorney, guardianships and conservatorships.  It deals with electronic communications and other forms of digital property.  It makes the user’s express instructions paramount, and allows users to provide those instructions in their traditional estate planning documents, via some other record, or via use of an online tool, such as Facebook’s Legacy Contact feature or Google’s Inactive Account Manager.  RUFADAA protects users’ privacy—the content of electronic communications will not be disclosed to a fiduciary without an affirmative opt-in from the user—but unless the user directs otherwise, RUFADAA does allow the fiduciary to get a catalog of electronic communications and to marshal the user’s other digital property.

The Uniform Law Commission is aware of over 30 states that will likely introduce RUFADAA this coming legislative cycle.  In Maryland, it has been introduced as HB507 and SB239.  California is of particular importance, because many online service providers’ TOS agreements invoke California law for dispute resolution.  All interest-holders acknowledge the advantage of a uniform law on this issue.  Early adoption of RUFADAA in other jurisdictions would be very helpful in improving the chances that California will consider RUFADAA-influenced amendments to their pending bill (based on the PEAC Act) and ensuring RUFADAA’s success nationwide.

Urge your legislators, wherever you may live, to enact RUFADAA, so that YOU can decide what happens to your digital assets in the event of your death or incapacity.