In the area of digital market, the consumer is often baffled when purchasing products and using online services. A major problematic that has emerged recently is the level of online exposure of the consumer from the aspect of digital property (or digital assets) they possess and how the online service providers protect the user and ensure their rights.

Although there is not a definitive legal term for digital property/assets, it could be described as a plethora of online data that include, non-exhaustively: films, eBooks, Twitter accounts, Facebook profiles, emails, music, Google accounts.

Their value, beyond sentimental is also financial and should not be underestimated; according to a review conducted by Rackspace, a cloud intermediary, one quarter of 2000 users who participated owned online content such as music and audio-visual material that cost £200; in the United Kingdom the total worth of this online material can be calculated roughly at £2.3 billions. 

Nowadays, the ambiguity of End-User license Agreements, the lack of sufficient legal and judicial interpretation of property rights on these digital assets, such as emails, the insecurity of the consumer of the proprietary and ownership status of their online possessions, whether their acquisitions are transmissible upon death and the post-mortem privacy are some of the growing concerns regarding consumer safety. 

Emails: Do they constitute digital property? Is their author legally entitled to rights?

Emails are regarded as a method of exchanging electronic correspondence online, usually relating to the content of the text itself, alongside the files attached. Initially, users may be entitled to proprietary rights to the information contained in emails. The information within the emails can be of varying nature; personal, merely stating facts, or even pertain to sensitive information.

Property law has not been including this type of data under its protective scope. The problem lies to the fact that the data included in an email cannot be a commodity or an asset. Although protected by data protection, by tort law for instance, only abstractly it can be discussed. This is reflected in the well-known case of In Re Ellsworth.  Emails were not discussed by the Court if they ensure any property rights, and no relevant doctrine was formed. 

English case law seems to follow the same approach, where the information contained in letters has been challenged whether is considered property. More recently, in Fairstar Heavy Transport N.V. v. Adkins, the emails, according to Justice Edwards-Stuart, cannot generate proprietary rights. The importance of the employee’s emails’ content was such, that the claimant company argued its property rights on them. For Justice Edwards-Stuart, nothing but the tangible item containing the data can be subject to property rights, dismissing any feasibility of applying property rights on such medium.

The matter is further perplexed as, even though the author can have copyright rights over the tangible messages, emails involve the service provider. Despite this, for Darrow and Ferrera, the account is a property of its user, but the emails stored in the online server intermediary become temporarily controlled by the latter. 

Had the consumer the possibility of ownership to the content of this type of digital asset, they would be able to enjoy their rigid enforceability; if the users were entitled to full ownership of the content, this could ensure protection from those attempting to breach the right to property ,both service intermediaries, as well as against anyone else. 

The example of eBooks: another lack of consumer’s security threshold and ‘license or property’ confusion 

Amazon, in July 2009, deleted every online Kindle eBook purchased copy of George Orwell's Animal Farm and 1984, without prior informing or requesting approval from the users. The users soon realised that the purchased books had vanished, albeit legitimately acquired, and their personal memos were now of no use. The company argued that their own self upload mechanism was unlawfully used by thirds and the deleted copies were copyright infringing; Amazon removed these copies in response to this unsupervised and violating act.

These deletions brought into the spotlight the security issues of online services’ customer security, the rapid technological evolution and accessibility. This was the onset of a series of concerns regarding the bargaining power that the online service providers could exercise upon a user.

The consumer is exposed, by abiding to terms and conditions that has little or no say at all, the commonly used End - User License Agreements (EULA), which appear at first glance as binding contracts, over whose terms the consumer possesses no bargaining power. 

This is further perplexed by the ambiguity over the terms’ clarity in possessing the eBook as property or merely as license. Only a mere access to the purchased eBook is given to the user, as license indicated by the EULA, not right of property in a digital form. Nimmer and Dodd describe that “the license is an agreement that deals with, and grants or restricts, a licensee's contractual right, power privilege or immunity with respect to uses (including allowing access to) information or rights in information made available by a licensor.” Subsequently, the rights conferred upon the user only last until death and cannot be inherited or regarded as any form of personal asset.

Nonetheless, this lack of the users’ proprietary rights still does not justify Amazon’s permanently and unilaterally deleting, without prior consent, the users’ eBooks. The consumer is entitled to prior knowledge of any invasive act such as file erasure; additionally, the company’s EULA enables the user to remotely access the digital file and unrestrictedly watch/read it. Having breached the users’ right to access and viewing of their legally purchased items, Amazon contravened their terms of the agreement.

Even though Amazon finally settled, by formally agreeing to not proceed with any deletions of consumers’ eBooks, uncertainty prevails among the users regarding the real nature of their purchases. It goes beyond the feeling of disloyalty of such a well-known company, although they were reimbursed. Amazon is not the only digital platform that utilises such terms to control their content; the outcome of this case only shed some light to one specific incident. Not enough caselaw and remedial measures have been produced in this area of excessive online service intermediary bargaining power over users;  EULAs remain the principal category of contractual relations between the provider and the user during the majority of financial dealings, receiving judicial endorsement as well. 

The case of social media and digital intermediaries: post-mortem transmissibility and jurisdictional conflict 

Should deceased online users have their data protected after death? Ambiguity surrounds this subject, whether the privacy and data of the deceased should be protected. 

The data created by users online are under the scope of protection of digital online intermediaries, such as Facebook, Twitter, Hotmail. The ownership of content of the online digital material the Facebook users create, such as photos, statuses, timeline activity, are subject to the terms of Facebooks contract. The users cannot utilise their profiles unless under the terms of the contract with the intermediary; this enables Facebook to regulate that any content created on their service is thereby owned by them, through non-exclusive license. The intermediary contract of Facebook may be the only one slightly more detailed on what happens with the account post-mortem; the majority of online contracts, such as Twitters, provide no information regarding post-mortem transferability. Facebook’s policy involves the straight refusal of providing the administrator and legal inheritor with the credential to access the account.  Only in the section of ‘Help’ can the inheritor find the necessary information, whereas in the Terms and Conditions of the contract this is not evidently written, whether Facebook opts to grant/facilitate access to the heirs is dependent upon their own goof practice .The newest policy of Facebook’s Memorialisation Request can give access to nearest family members to the content of the online account of the departed individual; however, in some cases, such as in Scotland, the family members may not coincide with the legal beneficiaries, according to the will of the departed, depending on the legal system. (Succession Act 1964).

This policy refers to the ‘Statement of Rights and Responsibilities and Data Use Policy’, which, however, is not very specific and only one condition, the Memorialisation process, pertains to the access and management of the account. Facebook is not even bound to follow any specific procedure, only some unstipulated conditions, but it has the flexibility to terminate and memorialise an account unilaterally. 

The protection of the consumer can be hindered and not regulated because of jurisdictional and legal tradition clashes.

In the USA, the protection of the deceased would be a matter of interest clash against the heirs. In these cases, the online content of the departed, such as digital profiles and electronic correspondence was not allowed access by the family. This was the case after Sahar Daftary’s death, where the Court interpreted that the Stored Communications Act would prohibit an intermediary such as Facebook to reveal the content of the online correspondence during trial.

The option for Facebook to release the content of the account to the family was not clarified by the Court; the descendants were confused and left behind a veil of ambiguity. (In re Request for Order Requiring Facebook, Inc. to Produce Documents & Things United States District Court, N.D. California, San Jose Division.Sep 20, 2012923 F. Supp. 2d 1204 (N.D. Cal. 2012))

According to the English legal doctrine, actio personalis moritur cum persona is the dogma that stipulates that the individual upon death ceases to become defamed, for instance, or be personally infringed. Among the EU countries, there is recognition of post-mortem rights, albeit not consistent. In France, in SA Editions Plon v Mitterand, upon death of the proprietor, there is no question of an infringing act against the privacy rights of the alleged holder of this right, according to the Court of Cassation. In Germany, the approach is more financially oriented, and these rights do not cease upon death, but they are parallel with the commercial ones. This was illustrated in the Mephisto and Marlene Dietrich cases;  both the financial benefits of the departed were deemed as subjects of protection, but also it was emphasised that their privacy should be awarded the same level of protection. 

Article 8 of the European Convention on Human Rights does not foresee any relevant protection for the privacy of the user post-mortem. In the EU, the privacy as a component of human rights can be recognised only to individuals during their life, as the plethora of relevant EU case law from the European Court of Human Rights demonstrates (e.g. Jäggi v. Switzerland, no. 58757/00, ECHR 2006-X; Estate of Kresten Filtenborg Mortensen v. Denmark no. 1338/03, ECHR 2006-V; Koch v. Germany no. 497/09, ECHR 19/07/2012).

Unavoidably, there is no unified approach to privacy or property protection of the deceased user; consumers are often bewildered under loads of different terms, conditions and license agreements. The future of consumer privacy on cyber transactions may not be fully clear yet; but in such an everchanging and evolving world, the world of data, the levels of ensured protection will need to adapt accordingly.

Maria Apostolidou

Maria is a trainee advocate, expected to become a Greek licensed barrister in spring ’21. She completed her LLB at the Aristotle University of Thessaloniki (with an Erasmus+ year at the Université Libre de Bruxelles), and continued her LLM in International Commercial Law at the University of Strathclyde. She is interested in commercial law, with an emphasis on e-commerce, intellectual property, international business law, and EU legislation affairs.