Death it’s an inconvenient truth that no one wants to face and that always comes at a bad time. Wills can ensure that our physical and earthly affairs are in order, but what happens to our WhatsApp messages, Instagram and other social network profiles, data and email correspondence? The deceased’s online activity remains in the cloud, inaccessible to family and loved ones for the foreseeable future.

Times have changed and today’s society lives on two levels: the physical and the digital. While it has become commonplace to leave a written document as a testament upon death, the importance of managing our digital legacy is rarely considered. Social networks, messaging apps, emails… everything stays active in the cloud as well, and that includes the content at stake.

Borja Adsuara, lawyer specializing in digital law, as “El Pais” writes, refers to the regulation of this content as “digital heritage, that is, the set of digital goods and services left behind when someone dies.”

Who is in control?

This is a complex issue, given that companies that offer online services – such as Google, Apple and Facebook, among others – have very strict privacy policies governing access to the accounts of deceased users.

One of the most notorious cases on the subject took place in Germany, when a teenage girl was killed by a train in 2012 and her parents demanded the passwords to her Facebook account to determine the possible causes. Years later, a judge ruled in their favor, forcing Mark Zuckerberg’s company to hand over the password. “In this case it was the judge who decided that knowing what had happened was more valuable than the person’s privacy“, says the lawyer.

Some companies allow immediate family members to request the account be closed, but full access to its information is rarely granted without the express consent of the original account holder. That is, the account owner must either designate an heir to the account while they are still alive, or specify that they wish the account to continue to exist as a tribute page, and in that case designate one of their contacts as the eventual its manager.

These managers are called “legacy contacts” and are responsible for maintaining those accounts by replying to messages or moderating messages and occasionally uploading commemorative photos. But without adequate preparation, a maze of regulations can leave families in a difficult and often emotionally draining position.

Ethical and legal problems

The law has not fully adapted to this new reality. Accessing an account – without express permission – is illegal in many places, regardless of good intentions.

This not only puts loved ones in a difficult position, but also raises ethical questions about privacy and ownership of postmortem digital information. Another related case took place after the tragic shootings in San Bernardino in 2015: the FBI asked Apple to unlock the gunman’s iPhone, and the Cupertino-based company flatly refused, arguing that its customers’ privacy was more important than the dissemination of the potential content of the device.

Google, the big recipient of personal information online, has also developed policies around posthumous inheritance. Those who want to leave everything neatly organized can designate a dormant account administrator, a person responsible for determining what happens to someone’s information in the event of their death.

If that position isn’t paid, the company allows relatives to delete or manage the account by filling out a form, but the process is more complicated given privacy concerns. Relationships with previously unknown third parties or other incriminating material etc. may be revealed.

Preparation and perspective

To avoid these issues, a detailed plan is required. The first step is to record all accounts and passwords. This list should be accessible to someone you trust in the event of your death.

It is also wise to draw up a digital will with clear instructions on how to handle information online.

Our digital life is an extension of our physical existence, full of memories, personal data and social connections. There will be things that we want to leave for future generations, but also others that we would prefer to remain out of reach, to die with us. A digital diary, conversations with friends or acquaintances via WhatsApp … The value of this type of content is personal and can damage the posthumous public image of the deceased. How can we ensure that no one can access it?

There are only two ways to ensure that this information remains inaccessible: delete it or apply encryption so that no one, not even your service provider, can access the content. Services like Nordlocker or Dropbox’s Vault guarantee that only those with the passwords will be able to access the stored data.