What happens to your data when you die?

This is a sensitive and thorny issue with no clear legal guidelines, but we will give you a few tips on handling post-mortem data to minimize potential abuse and threats.

What happens to your post-mortem data?

Most social media platforms allow you to close down the deceased person’s account, but whether the data it holds disappears is still an open question. Data collection is usually defined in terms and conditions agreements. When you are still alive, you can opt out of the service by canceling your agreement or even by trying to challenge it. When you die, however, you can no longer do this. The corporations continue owning your data and can even pass it to third parties. This is usually what happens to your data when you die.

For example, Google has no mechanisms to determine that specific data belongs to a deceased person. They can keep such data for an unspecified period of time. Even if someone asked Google to delete it, it might still exist on their backup servers. The same goes for other social media platforms.

Issues also arise with the data you purchase. Here again, the legal system has failed to catch up with technological advancements, which creates a gray area when it comes to post-mortem data. It’s not easy to transfer ownership of things you don’t own. Even if you legally download data created by somebody, you don’t technically own it — you just have the license to use it. This license expires when you die, so your relatives can no longer claim ownership.

How to avoid post-mortem data issues

You should prepare for the handling of your post-mortem data in advance. Otherwise, corporations will keep your data as their property and your significant others will have a hard time retrieving it. In 2020, for example, a man in the US had to battle Apple for months just to retrieve his murdered wife’s family photos. Take these steps to avoid confrontations later on:

• Use Google’s Inactive Account Manager. It notifies someone if your account has been inactive for a certain period of time;
• Include the digital property in your will and appoint a digital executor who will ensure that your will is fulfilled. Read on to find out what data falls under the definition of “digital property”;
• Leave your passwords to the people you trust so they can close down your accounts or retrieve precious data. But do not write them down in your will, as they might become publicly visible;
• Think carefully about everything you share and entrust to digital platforms;
• Appoint a "legacy contact" on Facebook. This way, you will determine who can manage your account after your death;
• If there are things you really don’t want anyone to see, you should encrypt them with a file encryption manager. You can use our lightweight and simple NordLocker app. It will encrypt your files so that no one will be able to decipher them without your permission. We also recommend against keeping personal or confidential information on social networks, Google’s cloud services, or any online platforms managed by third parties, as most of them can monitor and collect your data.

What is digital property?

Here’s what constitutes your digital property and can be included in your testament:

• All your hardware devices with memory storage;
• All your digital data stored on a device or in cloud storage;
• All your online accounts and domains;
• Your digitally created intellectual property.

How to handle the account of a deceased person

Here’s why it’s important to manage the accounts of the deceased:

• They could interfere with emotional healing and moving on;
• The data within may help provide a sense of closure and acceptance or provide fond memories;
• They pose security threats, as someone could hack them and extract your deceased relative’s personal data and credentials. In a more gruesome scenario, a cybercriminal could start posting something or send private messages from that account;
• Scammers might use the profile to their malicious advantage (like identity theft);
• Platforms can still extract and manipulate the data of your significant other.

Here are a few tips on how to handle accounts of the deceased:

• Memorialize or close down the account. You can memorialize accounts on Facebook and Instagram, in which case the platform will indicate that this is a memorial account for a deceased person. You won’t automatically get access to the person’s activity while they were alive, though. Facebook and Instagram also allow you to close a user’s account if you provide them with a death certificate. On other platforms, including Twitter and LinkedIn, you have to submit special forms to close down the account;
• If you need to obtain certain data from such an account (e.g., family photos), do so carefully, without violating the person’s privacy. If you don’t have the password, contact the service provider with a request to obtain it;
• Immediately inform the service provider or even the cyber police if you notice any suspicious activity on an account;
• If you want someone’s data to be completely wiped out, request the service provider to do so. But, as we mentioned above, there is no guarantee they will remove it completely.
• Use a service like Incogni to remove their personal data from data brokers who might be profiting from it.

Of course, NordVPN is one of the many apps you or a loved one may have on their device. Our mission is to protect your data and keep it private, so we only store very minimal information about our users. However, if you do want to delete a NordVPN account, it’s a very simple process, and won’t take long.