No one wants to think about their death, but itâs a fact of life. If you live a long life if itâs tragically cut short, at some point you will no longer be around.
Unlike previous generations, most people alive today will leave behind a digital legacy, mobile phone contacts and social media accounts to digital online photos.
Without proper planning, that legacy might end up causing more distress to your loved ones, with inaccessible social media pages, no control over comments being left, and possibly lost treasured memories.
Wills & Letter Of Wishes | Passwords | Facebook | Google | Twitter | WhatsApp | Instagram
More and more of our life is being stored digitally; photos on our phones being backed up to cloud services and sorted into online digital albums, documents being stored online, address books and contact information in our phones and social media holding details of conversations with our friends and family.
While weâre alive and have full access to our memory and our devices, the security that is used to keep hackers out of these online services (mostly) does exactly what it is meant to. We can access the content freely and easily, others can not.
But what happens if you pass away or suffer a life changing incident that means you canât access your data again? Do you want your loved ones struggling to get access to your online accounts when you canât?
The General Data Protection Regulation state that the GDPR only applies to you while youâre alive. Once youâve died, personal information is no longer protected, and itâs up to each country to decide how that data should be treated.
This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons
General Data Protection Regulation
The UKâs data law, the Data Protection Act 2018, does not make any provisions for data belonging to a deceased individual either.
Personal Information is any information relating to an identified or identifiable living individual
Data Protection Act 2018
Itâs obviously not quite that clear cut. While your online photos will generally not affect other individuals privacy, granting access to a deceased personâs social media account means you are granting access to personal information of any contacts the deceased was connected to, and this could potentially breach the GDPR.
Until the UK Law deals with the issue of data ownership and access rights after death, itâs prudent to make your own provisions to ensure you have a say to what happens to your data after you die.
You might not think about making a will, you might consider your assets and affairs donât require one, but making a will and leaving an associated letter of wishes should be something you do regardless of your situation.
In your will you should include you wishes to grant various people access to your social media and other digital accounts (banking, cryptocurrency, household utilities etc) but leave the details of how to access the accounts in an associated Letter Of Wishes, this can be more easily updated if/when you change your logon credentials for example.
In the letter of wishes you can include details of the location of a secure password vault, and the means to access it. You can also put other various pieces of information; who should (and should not) be notified of your death, information on how you want your trustees to manage your estate, how you want guardians to bring up your children and so on.
Keeping an online, up-to-date password vault means that you can pass on the login details for your accounts and services after you die or otherwise become unable to access them. Itâs also the absolute best way to make sure every password you use is unique and very complex â you donât need to remember them, the vault does that for you. We wrote a post on this here: Do you want to know more?
Using a service like LastPass is good for basic user account information, the data is stored on the LastPass servers. Another similar service is 1Password which stores your data in an online encrypted store.
KeePass is another password vault, but unlike LastPass and 1Password, you can store different types of information and add comprehensive notes and attachments. KeePass data is saved in a standalone database, so can be saved into various online and offline locations (you can use synchronisation plugins to keep them all up-to-date) The database is encrypted with a master key.
These services can be integrated into your browser and smartphone, meaning they can automatically fill in user credentials on websites and apps, a great way to make sure you use complex unique passwords for every service, and only have to remember one password!
There are other password storage services, like the ones built into your browser or smartphone such as Chromeâs password manager that syncs across your google account. They all have their own storage solutions and uses, but are typically not as encompassing and manageable as dedicated third party services, or may not have the same level of security, putting your account passwords at risk.
You should leave enough information so that your know loved ones will be able to access your password vault.
If youâre using an online service like LastPass, theyâll need to know the name of the service and the logon information.
If youâre using an offline service like KeePass, theyâll need to know the name of the service, the location of the database file and the logon credentials for the database.
Donât leave the credentials in plain text for obvious reasons, instead make the credentials sufficiently complex, but easy enough for your family to work it out. (and donât forget to update the details if you later change them)
You can leave the access details in your Letter Of Wishes with your will, and/or on a memorialised system like the Google email service (see below) that will send a message automatically on your behalf.
So the clue you leave might be âusername is my nickname then an underscore and the year we first metâ (obviously make sure you get the year right for many reasons!) and for the password âPassword format is 9999%AA99aaa%Axxxxx and is the last four digits of my mobile phone number, the email sign, my first car registration number (matching the case), the star sign and the first word from the title of my favourite filmâ
This should be sufficient to allow your family to be able to find and access your password store, from there they can log into your accounts and carry out any additional wishes you may have made.
Quite a few online services have considered what should be done with your online digital data once you are no longer able to manage it yourself. Some will simply freeze the account and put restrictions in place, others allow you to pre-configure actions.
We particularly like the Gmail way of configuring an account thatâs not logged into for so many days, particularly the email facility. Combined with an encrypted attachment, this could be a secure way of passing on your account credentials if you are no longer able to access the information.
Facebook have a facility to memorialise and account if the account holder passes away. This locks the account down but keeps it visible so friends can family can share memories to it.
Itâs a good idea to add a legacy contact to your account, this is someone who can manage your account once itâs been memorialised. A legacy contact can put a pinned post on your memorialised profile page, manage and delete tribute posts, see posts that your account is tagged in, respond to friend requests and generally manage your account. They can see all your posts (even ones set to private) but wonât be able to read your facebook instant messages.
To add a legacy contact, go into your Facebook settings, click EDIT next to Memorialization Settings and then type in a friends name and click ADD. Here you can also set if your legacy contact can download a copy of your Facebook data once your account is memorialised, and request that Facebook delete your account rather than memorialise it.
A memorialised account has âRememberingâŚâ in front of the owners name. It can still be tagged in posts and photos, and content you created will remain on Facebook unless the account is deleted. If you were the admin of a page on Facebook, that page will be deleted once your account is memorialised.
Once an account is memorialised it can not be logged into, even if your family have your login details. If you have not appointed a legacy contact, your account will not be able to be changed in any way.
To notify Facebook that a user has passed away, and change the account to a memorialised one, a friend or family member needs to contact Facebook via the memorialisation request page and send a copy of the death certificate.
If you are an immediate family member, you can request the account be removed rather than memorialised. To do this you need to send Facebook proof of your relationship to the account owner.
People with Google accounts can use the Inactive Account (IAM) Manager to determine what should be done if they can no longer access their account. This needs to be setup in advance so Google knows what your wishes are.
If the IAM is not setup, immediate family members can submit a request to Google to close a deceased personâs account, obtain information from their account and request a return of any funds in their account.
The Inactive Account Manager can be configured to manage your Google data if you canât log into your account.
You can access the Inactive Account Manager Here: https://myaccount.google.com/inactive
You can choose how long your account needs to be inactive (inactivity is determined by a combination of last sign-in, activity listed on your Google Activity log and logins from Gmail and Android) before the Inactive Account Manager takes over.
Once the Inactive Account Manager takes over, the first thing you can set it to do is send an email and text message to you to check youâre not available. If there is no response to these communications, the Inactive Account Manager will then carry out your instructions.
This can include an automated email from your gmail account. You can email upto 10 people and you can grant them access to various Google services, such as your photos store, contacts, Google Drive, Hangouts, Maps, My Business and so on (see the Google Dashboard below) Google allows you to add the recipientâs phone number for verification before they can access your data, and you can add a personal message which will be sent to the recipient.
This is a great opportunity to include the details of your password vault, but make sure you keep it up to date if you change the service, location or credentials.
You can also configure an automated reply if you use your Gmail account, informing anyone who emails you, that you are no longer using this account.
Finally you can instruct Google to delete your account and all your data after three months.
The Google dashboard will show you which services you have on your Google account, access it here: https://myaccount.google.com/dashboard
Twitter have a policy of deleting a deceased user once they are made aware of the need to.
Using the online form, you can notify Twitter of someoneâs death. Twitter will follow up these requests to verify them before acting.
Once they have confirmed the request, the users account will be removed. Therefore if you have any posts or media on your account that loved ones want to treasure, they need to make a copy of them first.
Instagram offer an account memorialisation service. Once a request is made to memorialize an account (including a proof that the requester is an immediate family member, and that the account holder has deceased) the account is frozen. No one can log into the account and the account will not appear in the Explore Instagram section, but the account content and comments will remain visible.
If requested by a confirmed immediate family member, instagram will delete the account and all itâs data.
WhatsApp donât have any facility to manage deceased users accounts, so youâll need to be able to access the deceasedâs phone to manually delete their account.
Snapchat have a policy of deleting deceased users accounts. To report a user deceased you need to send a copy of the death certificate to snapchat via their support page https://support.snapchat.com/en-GB/i-need-help?start=5640758388326400
Alternatively you can log into the deceased users account if you know their credentials, here https://support.snapchat.com/delete-account and manually deactivate the account. After 30 days the account will be permanently deleted.
LinkedIn have a form to report deceased users accounts to, you can find it here https://www.linkedin.com/help/linkedin/ask/TS-RDMLP?
On the form, you need to give the name and URL of the deceased personâs profile, your relationship to them, the date they died, their email address, a link to any obituary or relevant article, and any additional information such as a copy of their death certificate.
Once LinkedIn have confirmed the request, the account will be closed and the users data deleted.
Apple donât appear to have any specific facilities for dealing with deceased users accounts. In the iCloud terms and conditions is the following statement:
Unless otherwise required by law, you agree that your Account is non-transferable and that any rights to your Apple ID or Content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all Content within your Account deleted.
This is a problem as any photos stored on an individualâs iPhone for example (and even synced to their iCloud account) will be inaccessible to their family. Apple have been quite blunt and unsympathetic to recently widowed individuals in not helping them get access to a deceased personâs account.
In a very recent court case a widowed wife who was unable to get Apple to give her access to her deceased husbandâs iCloud account, which among other things contained all their family photos and videos took the company to court.
It took three years of legal wrangling, costing thousands of pounds, and even though she had a Grant Of Probate, Apple still refused to give her access until a judge passed a court order ordering Apple to let her access the stored data.
Simply, if you use an Apple device and iCloud you must make your own provisions to pass the account and itâs content on.
Microsoft donât have a memorialisation process. If you have access to the account, you can download the information from it then request the account to be closed. If an account is not used for two years, it will be automatically closed.
When an account is closed, itâs held on Microsoft servers for 60 days so you can recover the account in that time if needed.
Once the account is closed, any associated accounts will be closed also.
To close an account you donât have access to, you need to submit a court order to access the account.
To close a Microsoft account, you should follow the following steps:
Pinterest donât have a memorialisation service, they will delete an account once they are notified of a users death. To notify them, a relative needs to send an email to care@pinterest.com with proof of the deceasedâs passing, their account details and proof of their relationship to the deceased.
Pinterest do not suspend inactive accounts, so unless they are told otherwise, an account will remain active perpetually.
Yahoo have a procedure in place to manage a deceased users account, which includes suspending any premium services and billing, and then deleting the account.
You need to send the following documents to Yahoo:
Yahooâs customer service can help you with this process.
We can help you make sure your user account details are held in a safe and secure location, and help you create policies for managing your accounts if you are unable to. Contact us today to find out more.
Leave a Comment