In keeping with the hallowed death festivals of this time of year, let’s chat a bit about post-mortem privacy, i.e., privacy after you die. Under most privacy regimes, people stop having the right to privacy once they die. For instance, our country follows this trend but uniquely extends it to juristic persons (like companies and trusts).
Globally, the main reason for stopping privacy on death appears to be that the law ties privacy rights to the right-holder’s life. So, once your life ends, your privacy rights end. However valid the reasoning for stopping privacy on death might be, society has reached a point where emerging technologies rapidly increase our information legacies.
Specifically, in the digital age, the information legacies of dead people are increasing exponentially. The result is that we have enough data on the dead to re-create their lives using emerging technologies like AI and holograms. So, practically speaking, we’ve reached the time where it’s not challenging to visualise having a conversation with a deceased loved one, represented in holographic form, based on data accumulated from their social media accounts.
Thus, the post explores the legal meaning of death and explains why the law currently ends privacy on death. Then, we consider whether the law offers any legal protection for the dead. Next, we explain why some people call for post-mortem privacy and the leading legal approaches to the topic. Finally, the post ends with actions you can take.
What does death mean?
Here we’re not taking a philosophical approach to death’s meaning; instead, we’re focusing on when the law considers a human to be dead. Internationally, legal death depends on when the laws of a specific jurisdiction decide that a human is no longer alive. So, for example, in ZA, while there is no legal definition for death, we have a legal framework for guidance.
In the ZA case of S v Williams, the court said the country adopts the ‘traditional view of the community in declaring the deceased to have been legally dead when she stopped breathing, and her heart stopped beating’. However, under our National Health Act, ‘death’ means brain death.
So, once someone is brain dead, they’re generally considered legally dead.
What about juristic persons? Again, it depends on the laws of a specific jurisdiction. In ZA, a company is considered ‘dead’ when the CIPC deregisters it from their database.
Why does privacy end on death?
Let’s start the conversation with how the law sees humans. In essence, humans (what the law calls natural legal persons) can hold rights. This ability flows from what is known as legal capacity, i.e. the capacity to have rights and duties.
Specifically, some of these rights are personality rights; humans hold them because they arise from their legal personality. An example of a personality right is the right to privacy. But once a human dies, they’re no longer a legal person. So the effect is that the rights attached to their legal personality, like privacy, fall away. Plus, the same reasoning applies to juristic persons.
Similarly, data privacy laws like POPIA only apply to living humans and juristic persons. So, the protections in these laws don’t extend to the dead.
Does this mean the dead have no legal protection?
Well, yes and no.
The dead can’t hold any rights, but their next of kin or other stakeholders may have confidentiality and privacy rights.
Medical practitioners’ duty of confidentiality
In ZA, rule 13—of the HPCSA’s ethical rules—states that a ‘[medical] practitioner may divulge information regarding a patient only if this is done…[i]n the case of a deceased patient with the written consent of the next of kin or the executor of the deceased’s estate’. However, the consent must be in writing. So, the practitioner has the responsibility to prove that they obtained written consent.
Privacy rights of next of kin
While the deceased’s next of kin have privacy rights, it’s unclear whether these rights extend to the dead person’s genetic material. Remember, provided they’re a relative of the deceased’s, the dead person’s DNA can be used to identify the next of kin. But, it is unclear whether POPIA or the GDPR will protect the next of kin as a data subject in this scenario.
Company stakeholders
When juristic personality ends, it’s unclear whether the company becomes a common-law association or another type of entity. However, there’s scope for company stakeholders to claim confidentiality and privacy rights for the information that the company held.
Why do people call for post-mortem privacy?
There are several reasons why people call for post-mortem privacy rights. However, we can’t address all of them in the post. So, let’s consider a few reasons through practical examples.
Social media ghosts
Social media immortalises the data of its users. They store the user’s data even if the profile is public or private. Plus, social media companies use the data to profile their users for advertising. But, consider that it can also be used as training data for algorithms that manifest dead users. For example, imagine having a conversation with a deceased relative, and it reveals scandalous secrets or opinions that are better left unsaid. But, of course, all of this may be against the wishes of the dead person.
Advanced neurotechnology
Recently, Microsoft secured a patent to download consciousness from the human brain and represent humans as chatbots.
Artificial intelligence ancestors
Richard Branson and Deepak Chopra are looking at immortalising themselves through AI that holds their consciousness. In theory, neurotechnology would develop to the point where neuroscientists could map consciousness. In short, they would use neurotechnology to represent consciousness in data form. Then, algorithms would learn from this data and simulate the dead human’s decision making. The result is an AI ancestor. Further, the dead person could take human form through humanoid robotic technology or holograms.
In sum, considering these examples, it makes sense that people call for a relook at privacy rights for the dead.
The legal approaches to post-mortem privacy
There are two main legal approaches to recognising post-mortem privacy.
- Testamentary rights. Here, the dead person would deal with their information legacy in their will. For example, article 25 of the Rwandan Data Protection law grants the right to designate an heir to personal data.
- Personality rights. The law would extend the deceased’s privacy rights beyond death.
In our view, whatever approach a jurisdiction takes needs to respect the wishes of the dead person in question.
End thoughts
Our findings suggest that the information about the dead needs legal protection. Whether post-mortem privacy is the solution is not yet clear. In other words, we’re not certain whether the law should prolong privacy after death. What do you think?
Next steps
- Stay on top of the data protection insights about dead people by subscribing to our newsletter.
- Protect data protection rights by asking us to join our data protection programme.
