What happens to our virtual account or digital asset or data after our death ?

What happens to our virtual account/ digital asset or data after our death?

It is a settle fact that in our modern age, Data is oil or air of this virtually physical era, where we are more concerned about our virtual presence than that of physical one. When we are living, we continue to add or keep various data which is personally identifiable or personal data like person’s name, picture, online banking data, contact details, location data, race, sexual orientation, social security number, location, online identifiers and genetic information and face orientation etc with various online platforms. We are the owners of those sensitive personal data and which are our personal assets as well.  

Now the question is if data we share or preserve or upload is our assets then what will happen to that assets after our death or can we make an will or can our heirs inherit the same after our demise or can we make an Will of our digital asset or bequeath the same in favour of our heirs …..let’s find out.

What is Data?

         THE INFORMATION TECHNOLOGY ACT, 2000

         2. Definitions.—(1) In this Act, unless the context otherwise requires,—

         (o) “data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

Let us understand the duties of the intermediaries or third-party service providers under Information Technology Act, 2000 which is Indian Cyber law.

Social sites and other online service providers must comply followings:

         SECTION 43A. Compensation for failure to protect data.–Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

         Section 72A. PUNISHMENT FOR DISCLOSURE OF INFORMATION IN BREACH OF LAWFUL CONTRACT

         Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

What is Sensitive Personal Data?

Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

         3. Sensitive personal data or information.— Sensitive personal data or information of a person means such personal information which consists of information relating to;—

         (i) password;

         (ii) financial information such as Bank account or credit card or debit card or other payment instrument details

         (iii) physical, physiological and mental health condition;

         (iv) sexual orientation;

         (v) medical records and history;

         (vi) Biometric information;

         (vii) any detail relating to the above clauses as provided to body corporate for providing service; and

         (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

As per GDPR ARTICLE : 4

         ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

         ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Will and Passwords: Controversy:

         In making the will of one’s digital asset the person cannot mention the

         password or other sensitive data in his Will as the said will my be

         exhibited in any proceeding and proved in open Court of Law when probate is obtained, which may create a huge security breach issue.

Aadhaar, Locking Biometrics and Inheritance:

         Among billions of Aadhaar numbers generated as per UIDAI website, there might be Aadhaar number of people who has already been expired. The scope of cancellation of Aadhaar number is absent even after the death of a person, but there is option that biometrics of the deceased can be locked. As per UIDAI, any resident with valid Aadhaar can avail the locking feature which empowers an Aadhaar holder to lock biometric.

Law of inheritance in India:

         Inheritance may be through following ways:

         Person leaving an will, which is a legal declaration carrying the intention of the person making the will with respect to his property or estate which will take effect only after his or her death.

         Or by

         Hindu Succession Act, 1956

         Indian Succession Act, 1925

         Or other personal laws

Some Instances:

1)         In 2005 Yahoo! was ordered by a Michigan Court, to release emails of deceased to his father.

2)        In 2018, One Dubai forum ruled that Twitter, Facebook, and others social media should deliver digital data is accordance with a legal will.

3)        In France and Canada the owner of the data can make will or access to their digital assets.

4)        Inheritance of digital assets are accepted in other countries as well.

5)        In India we do not have any law to that effect specifically covering the inheritance of digital asset.

Indian Cyber law presently dealing with data namely Information Technology Act has from its purview barred Will and other documents, more fully mentioned in the Schedule I of the Act. As per section 1(4) of the said Act:

“Nothing in this Act shall apply to documents or transactions specified in the First Schedule:”

As per THE FIRST SCHEDULE [See sub-section (4) of section 1] amongst the documents, the following one is beyond the purview of Indian Cyber law:

“A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 (39 of 1925), including any other testamentary disposition by whatever name called.”

As if we can make a will of our movable and immobile physical assets then why not we're going to make a will or if we're not going to make an will then what will be the future of our digital asset that is data, and or if we die without making any will of our digital assets like that of our other assets acquired or inherited in our lifetime, what will be the fate of our data i.e. digital assets.

For example, can we make a will of our cryptocurrencies where it is legal!

In our Google account we might have sensitive information relating to funds in Google Pay, refreshing memories in Google Photos, important documents in Google Drive -----All these and many more in other sites, ………….your heirs may demand for their right inheritance.

If we live, if we come to this world the death is tagged with our life so everybody has to go, everybody has to die, but we do not want to accept that. The most important point is, now the time has come to think about what will be the fate of your digital data after our death and how much our legal heirs will go to enjoy your digital asset just like other assets. What is the law of inheritance of digital assets in India? How those digital assets be inherited by our heirs when we will no longer be there? What will be the fate of our Facebook account or our online banking accounts or our every kind of online social sites accounts, our virtual accounts, our virtual activities,the private and secure data, the digital currency, the digital assets in many ways, and what are the safeguard so that your data, your private data your acquired data, which you are the owner and these online social service provider are only the custodian?

In the legal side the conflict that Information Technology Act does not apply in case of Will and there lies the controversy between the Law of inheritance in India and Information Technology Act …..the need for planning of digital asset is the need of the hour, just like the other existing physical assets…but we need specific law to that effect.

 What do you think ? Please ventilate your views in this regards........

Click to see Video on : What happens to your virtual account or data after your death? Law of Inheritance of data in India |