We talk a lot about data ownership in the context of retaining control of the information you create via online services. But let’s say I use a service that’s actually pretty good about keeping me in control of my explicitly stored data — Gmail, for example — does that control survive my own death?
Put more simply, can my wife inherit my Gmail account when I die?
This is more than an academic exercise: I have a number of online accounts and services that send primary notifications to my Gmail account. It’s entirely possible my wife may not be able to access my Health Savings Account or Roth IRA in a timely fashion without access to my Gmail account.
The easy answer is to leave credentials to my account in a place my wife knows to find them in the event of my untimely demise. The only problem with that plan is impersonating a Gmail user is a violation of the Gmail terms of service. Google is unlikely to know the impersonation is happening, and unlikely to care in the majority of cases, but on the off chance they find out my wife is logging into my account after my death, they can suspend or terminate the account at their discretion. This more or less obviates the whole reason for giving my wife access in the first place.
Gmail is a service, not a product, and my use of that service is non-transferrable. If I die without giving my wife my Gmail password, the account will be automatically deleted nine months after my date of last login. If I do give her the password, I run the risk of Google deleting the account the second they realize my wife is impersonating me. Google is far from alone in this, and actually has some of the more well considered data privacy and ownership policies out there.
So, is there a way to bequeath my Gmail account to my wife? After a fashion, yes.
First, I can delegate access to my Gmail account. Now, this isn’t necessarily the intended use case for mail delegation; the functionality was designed for someone like a personal assistant or secretary to send, receive and even delete Gmails on my behalf. If I gave delegate access to my wife, she couldn’t change my password, alter my settings or use Gchat or Google Hangouts via my account. I’d also have to establish delegation before I pass away, which means my wife gets secretarial access to my Gmail for a good long time — perhaps decades — before I drop the mortal coil. I trust my wife, so it’s not a problem, but that’s a security hole not everyone is comfortable with. It also requires some forethought and planning. Delegation is one of those “I wish I’d thought of that before” solutions. After I’m gone, it will be too late.
If I haven’t granted delegate access but my wife still needs some of my Gmail data, she can apply for access to the contents of my Gmail account after my death. However, there are some moderately strenuous legal hurdles for her to jump, not least of which is A) having received a message from my Gmail account before, B) a copy of my death certificate and C) a court order showing she’s entitled to the account. And even if she gives all of that, it’s possible Google could deny her request at its discretion.
Now, these are entirely reasonable privacy protections on Google’s part. For all Google knows, my wife may be a suspect in my murder (not that any jury would convict; I will totally have had it coming), and giving her access could muck up a criminal investigation.
Even if my wife gets the contents of my Gmail account, she won’t get the account proper. She won’t be able to send or receive mail from the account, let alone use it to confirm transfer of, say, our automatic bill payments from my account to her own. Again, that’s a perfectly reasonable stance on Google’s part, but it leaves a great gaping use case problem for those of us that employ Google Oauth to access other critical services.
My wife doesn’t care a whit about getting my Gmail correspondence, by and large, but she cares a great deal about the Picasa photos (especially the ones uploaded via Google+ through my Droid smartphone) of our daughters. Eventually, my wife can get hold of those, but it probably won’t be easy and almost certainly won’t be fast (unless she breaks the rules and simply pretends to be me).
And what if I don’t want my wife to get access to my digital data? I obviously wouldn’t bequeath her my password, but she could nonetheless apply for and possibly be granted the contents of my accounts as my legal beneficiary. If she moves quickly (as in, before the nine month deadline is up) she could get all the data I don’t want her to have.
So what’s the answer? Simple: Treat my virtual assets the same as my non-virtual ones.
If I own my data, I can establish its disposition in my will the same as I would my car, my house, my investments and my comic book collection. My online services should have the facilities and the policies to recognize any data bequests and beneficiaries I establish beforehand.
This is a use case in desperate need of address, and not just in the small-scale scenario of my wife outliving me. What happens if I die without giving my business partner rights to my Gmail account (or Google Apps mail account), from which I conduct occasional customer correspondence? What if my business goes under, and a creditor claims our intellectual assets as part of the bankruptcy firesale? An ounce of prevention is worth a pound of cure, and online services should have policies and processes in place before I die to establish the chain of ownership of my data.
In the future, we’ll all need to name a digital beneficiary. Online services should offer that nomination today. Most don’t which is why you should maintain a an independent backup of all your online data — including (or especially) a Gmail backup.
UPDATE: This post was originally published on Mar. 1, 2012. It was updated to reflect Gmail delegation and because Halloween is a great time to discuss the afterlife, even for Gmail accounts.