Today, the importance of data privacy and security is unquestioned. Nevertheless, the handling and access to password-protected accounts (such as email) after the death of the accountholder receives surprisingly little attention. At issue is the delicate balance between a decedent's personal privacy interests and a personal representative's right to access the decedent's property. The Massachusetts Supreme Judicial Court recently addressed this issue in a case with broad implications. In Marianne Ajemian v. YAHOO!, Inc.1, the siblings of the decedent, John Ajemian, were appointed personal representatives of his estate and sought access to his Yahoo email account.
By Massachusetts statute, a personal representative "has a right to, and shall take possession or control of, the decedent's property."2 After John's death, the personal representatives contacted Yahoo and asked for his email account's contents. Yahoo refused to comply with this request. In its response, Yahoo argued that it had two relevant obligations preventing disclosure: the Stored Communications Act (the SCA) and Yahoo's Terms of Service Agreement. The court decided that the SCA did not prevent disclosure and, although the issue of whether the Terms of Service Agreement may prevent disclosure was remanded, the same result seems likely. Accordingly, many websites will want to consider minimizing their liability by updating their Terms of Service Agreements and developing a system to handle requests for disclosure from personal representatives. Similarly, good estate planning will need to take into account a personal representative's likely ability to access the decedent's electronic records.
The court in Ajemian did not reach the question of whether the Terms of Service Agreement prevented Yahoo from disclosing the emails, but it did clearly decide that the SCA did not provide grounds for preventing access to John's emails. Among other things, the SCA bars service providers from releasing a user's stored electronic communications, such as email. There are, however, several exceptions including the "lawful consent exception." The personal representatives argued that "lawful consent" means implied consent and that the statute quoted above granting them access to the estate allowed them to provide implied consent. Yahoo, in turn, argued that "lawful consent" means actual consent, which would require John himself to provide consent. The court decided implied consent was enough, thus removing the SCA as an impediment to the personal representatives accessing the email account.
Although the court held that the SCA does not prevent personal representatives from accessing a decedent's email account, it left open the question of whether a website's Terms of Service could prevent such access. In ultimately making this determination, a balance must be struck between the decedent's privacy interests and the personal representative's right to "take possession" of the decedent's property. A court may view granting access to a password-protected account as the natural extension of granting access to a locked file cabinet. Therefore, a court would likely rule that the rights of a personal representative control over a Terms of Service Agreement.
As a result, this case has two major implications: 1) data hosts (e.g., website hosts and social media platforms) may need to revise their Terms of Service Agreements to further address how they will protect customer data, and 2) estate planners should carefully consider their clients' postmortem data privacy interests. One approach that a data host may adopt is to require a court order before turning over any customer data. This method prioritizes customer privacy but results in further expense to the host. On the other hand, a second approach is to merely require a request from a personal representative to turn over any customer data. This method will likely result in more customer data being shared but save the host and personal representative considerable expense. In adopting this approach, hosts will have to decide what kind of proof they will require to establish someone as a personal representative. A document such as the Letters of Authority from the probate court would be a good candidate.
Estate planners should consider obtaining passwords to key accounts as good estate planning practice. This will help ensure that personal representatives do not have to rely on Terms of Service Agreements to grant them easy access to decedents' accounts.
1 478 Mass. 169 (2017).
2 G. L. c. 190B, §3-709(a).
Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem. Moreover, the laws of each jurisdiction are different and are constantly changing. If you have specific questions regarding a particular fact situation, we urge you to consult competent legal counsel.
Please note that email communications to the firm through this website do not create an attorney-client relationship between you and the firm. Do not send any privileged or confidential information to the firm through this website. Click "accept" below to confirm that you have read and understand this notice.