The succession of digital heritage | futureTEKnow by Raffaella Aghemo

Digital is fast paced and it upsets the social, economic, and legislative paradigm. The consequence of the Covid pandemic is to think quickly and concretely about the “after”. Since the first months of 2020, the “digitization” of processes has taken over and has, as a consequence, “leavened” the baggage of our “digital goods”. But the next question is: what happens to our “digital heritage”? What are the regulations that can help the “transfer” of our “digital life” to our legitimate heirs and beyond? There is a regulatory vacuum in the current legislative landscape. In Europe, and especially in Italy, there is no specific regulation in this sector, even for the exponential growth of the digital reality in recent years, and it is known that the law always arrives with a fair amount of delay. Often, it is not only Italian legislation that dictates the rules, but it is also necessary to refer to private international disciplines since our data do not necessarily reside in the State of origin. So what should we do? We will try to give some food for thought.

Online current accounts

If, for online current accounts, recourse to the discipline that operates for the real ones can help, so that, upon the death of the deceased, the stocks in the current account of the same, legitimately pass, after succession, to the heirs and beneficiaries, the discipline for other areas appears less easy. Each one of us has his own digital identity, made up of e-mail accounts, social accounts, administrative IDs, and also any wallets with digital currencies. By now our life is marked by “user” and “password”, whereas before that by paper documents and “addresses”.

Privacy policy

The entry into force of the GDPR in the area of privacy has strengthened the protection of our personal sphere, but has also fuelled difficulties in accessing it. The same Recital 27 of the GDPR states that it is not applicable to the “personal data” of the deceased, referring the relevant regulation to national regulations: “This regulation does not apply to the personal data of deceased persons. Member States may provide for rules concerning the processing of personal data of deceased persons”.

Some regulatory “handholds” come to us from Art. 2-terdecies New Privacy Code — Legislative Decree 196/2003 updated to Legislative Decree 101/2018, on Rights concerning deceased persons:

1. The rights referred to in Articles 15 to 22 of the Regulation referring to personal data concerning deceased persons may be exercised by those who have an interest of their own, or act to protect the person concerned, as their representative, or for family reasons worthy of protection.

2. The exercise of the rights referred to in paragraph 1 is not permitted in the cases provided for by law or when, limited to the direct offer of information society services, the data subject has expressly prohibited it by written declaration submitted to the data controller or to the latter communicated.

3. The will of the interested party to prohibit the exercise of the rights referred to in paragraph 1 must be unambiguous and must be specific, free and informed; the prohibition may concern the exercise of only some of the rights referred to in the aforementioned paragraph.

4. The interested party has at any time the right to revoke or modify the prohibition referred to in paragraphs 2 and 3.

5. In any case, the prohibition may not have prejudicial effects on the exercise by third parties of the patrimonial rights deriving from the death of the interested party as well as the right to defend their interests in court.

The following elements may therefore fall in succession:

Let us examine the individual disciplines.

Digital signature: in Italy this is regulated by CAD (Digital Administration Code), it is an advanced form of electronic signature, processed with double asymmetric key cryptography, one public and one private. However, as it represents an univocal instrument of connection of the signatory, it is untransmissible, as it is intimately referable to the holder!

Electronic signature: this tool has different hierarchies of modes, since it can be simple, advanced and qualified, with different “skills” and “abilities”; if the first one (e.g., the first one is a signatory, the second one is a signatory), the second one is a signatory. If the first one (e.g. e-mail) is represented by the set of electronic data that lead back to a person (such as user and password or pin), but that do not guarantee the irrefutable origin of the owner, the second one guarantees the authenticity of the signed document, for example with “graphic” signature on touchscreen; finally, the third one is the most “secure” because it uses the most modern digital means, of which only the legitimate owner (token, smart card, USB) is available.

Credentials: these are those elements that “identify” us in order to access certain “services”, and/or products, such as physical resources such as hard disks, PCs, tablets, smartphones. The problem that arises here is the possible accessibility to all resources, for example, contained in a smartphone or PC, which has stored the access passwords of the user and who has the right to access them. Here the discipline is “crumbling” into several regulations, so if the current account and related Home Banking service will be the responsibility of the heir, the fate of the e-mail account or social network could be different.

Generally speaking, the credentials follow the “path” of the digital asset to which they refer.

Electronic mail: if the off-line material, stored on physical supports, remains in the obvious availability of the heirs or assignees, the regime for the contents stored by the providers is different: Italian law would grant access, but distinguishing between professional and patrimonial contents, open to the heirs, and personal contents, accessible only by the next relatives; but some support its accessibility, only if foreseen by testamentary disposition, while others totally exclude it from the inheritance regime. Since the data concerned are personal data belonging to the personal sphere of the deceased, there is usually a tendency to resort to the decision of the provider and, as a last resort, of a judge.

Hardware: nothing in relation to physical media containing data owned by the deceased which will pass into the inheritance system, unless they involve the rights of third parties (e.g. copyright or material related to the professional sphere of a company).

Originally published at https://futureteknow.com on November 20, 2020.