Search Menu

JURIDICA INTERNATIONAL. LAW REVIEW. UNIVERSITY OF TARTU (1632)

Issues list

Issues

Current Developments in Legal Interpretation

27/2018
ISBN 978-9985-870-41-9

Cover image
Download

Issue

PDF

Digital Inheritance: Heirs’ Right to Claim Access to Online Accounts under Estonian Law

As we have moved more and more of our life onto the Internet, issues of digital inheritance have become all the more topical. The article takes as its main research question whether an heir is entitled to claim access to digital assets of the deceased and to exercise rights arising therefrom. In practice, many providers of Internet-based services, all over the world, seem to be of the opinion that the answer is ‘no’. The article focuses on analysing the topic from the perspective of Estonia’s applicable inheritance and data protection law. Also, comparative law arguments drawn from consideration of German case law and legal literature are applied. The authors examine two examples of Estonian online services – an online ticket sales service and an e-invoice management portal – and conclude that Estonian law does not grant the respective service providers a right to deny heirs access to the accounts.

Keywords:

digital inheritance; post-mortem data protection; access to the personal data of a deceased person; access to digital assets; contracts with online service providers; inheritability of online accounts; right to exclude inheritability; principle of universal succession

1. Introduction

We have moved more and more of our lives onto the Internet. Digital services, smart devices, and constant connection to the Internet are reality and increasingly important both for society and for individuals. This has brought about the all the more topical issue of digital inheritance *1 : When a member of the digital society dies, diverse digital objects are left in addition to various smart devices (such as a mobile phone, car, and laptop). As only a few countries have regulated this issue by law *2 , the question is whether and how an heir could claim access to digital assets of the deceased, such as files saved ‘in the cloud’ or e-tickets saved to an online ticket portal account.

Hardly anyone would challenge inheritance of a car or a house on grounds that there could be letters or photos in the glove box or the attic that, for reason of personal or intimate content related to the deceased or his or her communication partners, the heir should not see. Yet many providers of online services, mainly for these particular reasons, deny heirs access to the e‑mail, Facebook account, etc. of the deceased. *3 The European legal literature analyses the problems of digital inheritance mainly with regard to the relationship between inheritance law and protection of personality rights, secrecy of telecommunications, the obligation of secrecy, and data protection law. On the other hand, the question about access to a person’s digital possessions is of a practical nature for the heirs: how to use assets in the estate and meet obligations to creditors if the assets are not entirely known and there is no access to them. In Estonia, known as a pioneer of the digital society, most people could not imagine life without e‑services and online invoicing. This article examines whether and to what extent the rules of Estonian applicable inheritance and data protection law enable heirs to exercise their rights with respect to the inheritability of these particular objects and exercising the rights arising therefrom. More precisely, we consider whether an heir is entitled to claim access to digital accounts of the deceased and download content therefrom, looking into two examples of online services – arved.ee and piletilevi.ee. Both of these environments exclude, in principle, access by heirs, considering them third persons, who are entitled to request neither the deceased’s password nor handing over of the content (e.g., unused tickets) *4 .

2. The principle of universal succession

The entirety of the academic discussion surrounding digital inheritance – being at its liveliest probably in Germany *5 – relies on the principle of universal succession, originating in Roman law *6 . Broadly speaking, this means that each dead person (the deceased) is to have a universal successor, an heir to whom the estate is passed in its entirety *7 . The principle of universal succession is also part of Estonian inheritance law *8 , which can be regarded as having been influenced most heavily by German law as a model and driver of its development. For that reason, the authors of this article use comparative law arguments drawn from German case law and legal literature *9 .

2.1. The purpose of the principle of universal succession

The principle of universal succession ensures that objects belonging to a person do not become ownerless at his or her death, and that claims and liabilities do not lapse – there is another person who will recover the claims and be responsible for the liabilities, and there is property out of which to settle the liabilities. At the same time it is also set out which rights and obligations are extinguished upon death *10 . This ensures continuity in legal transactions and clarity in legal relations that are transferred because of death *11 . The purpose for the principle of universal succession is to maintain the integrity of the inheritable estate in the interests of heirs, creditors having claims in respect of the estate, recipients of a compulsory portion *12 , and the public. *13

2.2. The nature of the principle of universal succession
and the presumption of inheritability of all assets

The importance of the principle of universal succession in the eyes of the German legislator is reflected already in where the corresponding rule can be found, in the very first section of the part of the civil code setting out law on succession (§1922 *14 of the Bürgerliches Gesetzbuch, BGB) *15 . In the Estonian Law of Succession Act (LSA) *16 , the principle of universal succession has been expressed in several provisions *17 . In addition, in the General Part of the Civil Code Act (GPCCA) *18 , legal succession *19 and the concept of property *20 have been regulated. It follows from these provisions that, in principle, upon a person’s death all the rights and obligations belonging to him or her at the moment of death are transferred to an heir, inclusive of ownership of material things as well as rights and obligations arising from, for instance, a sale contract. In a difference from succession based on the transaction, whereby each right and obligation has to be transferred separately in line with the provisions for the transfer of that specific object, *21 the object of transfer in universal succession by inheritance is the set of objects being transferred by force of law *22 . Also, none of the limitations apply that are inevitable for singular succession *23 . The property can be passed to only one subject, which may be either one heir or several heirs jointly, *24 but it cannot be passed, for instance, to different recipients of legacies with direct material effect (legacy by vindication) *25 .

As a universal successor, an heir automatically obtains the position of the legal predecessor as if no legal succession had occurred at all *26 , simply replacing his or her predecessor in an existing legal relationship *27 . With regard to contracts, the heir will assume the same contractual position held by the deceased, including accessory claims (the right to request information or reporting *28 ) and formative rights (the right to declare avoidance and a statutory or contractual right to withdraw or cancel). *29 In other words, the heir is entitled not only to require or accept performance of a contractual obligation but also to claim damages, if doing so would have been justified for the predecessor were he or she still alive, or, eventually, terminate the contract. In the case of universal succession, the successor simultaneously enters into all the inheritable legal relations in which his or her legal predecessor participated before the transfer *30 , whether or not the (special) law or a will contains a rule confirming such a transfer. It has been pointed out in legal literature that the transfer does not depend on the intent of an heir to inherit individual objects. Nor is it contingent on his or her awareness of their existence *31 . The principle of universal succession ensures that the property of the deceased in its entirety will be transferred, including objects that may not even come
to mind. *32

In essence, an heir not only becomes the owner of the objects that belonged to the deceased but also continues to carry all the legal positions that can be transferred by way of succession *33 . Yet the legal regime provides also for legal positions that are extinguished upon death. These are, however, a few, limited exceptions *34 and can often be justified by the argument that the succession can occur only in property, not in personality of the deceased *35 .

There is no sound reason for digital objects not to be covered by the principle of universal succession. Not encompassing digital objects would entail letters and diaries of a deceased person being inheritable while e-mail and private ‘instant messaging’ – perhaps even carrying the same message – are not. There is only one inherited estate, which consists of different types of components: digital and non-digital *36 . Differential treatment has not been considered justified in German case law either: the inheritability or non-inheritability of a particular object should depend not on the data‑carrier medium but on the nature of the legal position *37 . Thus, for the purposes of inheritance law, digital objects should be treated in the same way as physical documents or content stored on a hard drive or USB stick *38 .

2.3. The legal position of the deceased during his or her lifetime

To give an answer to the question of whether an heir is entitled to claim access to e-invoices or e-tickets, we have to ask firstly what the legal position of the deceased was, and then we may proceed to analyse whether it is transferred by inheritance. It should be borne in mind that it is not the objects as such that are transferred but the legal position with regard to these objects *39 . As e-tickets, e-invoices, or the e-account itself are not material objects and have not been saved to such objects either *40 , there can be no question of the right to ownership or possession *41 . Rather, the legal relationship between the deceased and the service providers might have been regulated by a contract. In cases wherein the data storage is in the cloud, the contract instead of the ownership is considered to be the ‘carrier medium’. *42 Although qualification of the contract depends upon the particular service – that is, the obligation of the service provider – a characteristic common to all these types of agreements is the obligation of the service provider to allow the user access to the online account and the data therein *43 . For e-tickets, the main object of the contract may be the service of a ticket agency, and for the mailbox service of arved.ee it could be the service of invoice management. In both situations, it is important to be able to access and maintain data and also to download these at any time suitable for the customer. A user ID and password are necessary as well *44 . Considering the purpose of the agreement and the non-material nature of the objects, provisions regarding contracts for services, contracts of mandate (under §619 of the Law of Obligations Act, LOA), or contracts of brokerage (under §658 of the LOA) could be applied in principle. According to Estonian law, provisions pertaining to a contract of mandate are most likely to apply both to a contract for ticket brokerage and to one for invoice management. In the context of this article, the important conclusion is that, with respect to e-accounts, it is the contractual position in its entirety that is included in the estate. 

3. Legal positions that are not passed to heirs
under the principle of universal succession

3.1. Non-inheritability based on legal position

We will proceed to analyse whether inheritability of the contractual positions in question could be excluded by way of exception – for instance, for the reason that using a service requires entering a user ID and password while these may not be transferred to third persons. Estonian law is unlike German law in containing legal provisions for non-inheritability whereby rights and obligations that by their nature are inseparably bound to the person of the deceased or that by law do not transfer from one person to another *45 are not transferred by succession *46 . However, the determination of non-inheritability might prove to be a serious legal challenge in both legal systems. As explained in Estonian legal literature, an inseparable bond needs to be ascertained with regard to the circumstances of the specific case, the rationale for the legal act, and the nature of the rights and obligations *47 . In one simple example, an obligation is non-inheritable if that obligation cannot be performed without the personal participation of the deceased. Consider an obligation involving personal performance that requires use of intellectual capacity, such as a service of an artist or a singer *48 . Such services of a personal nature cannot be taken over by the heir, since the heir lacks capacity to fulfil the contractual obligations. *49 As a rule, death of the obligee does not end a legal relationship, since fulfilling the contractual obligation does not depend on the person of the obligee. But there can be exceptions, such as in the case of ordering a made-to-measure suit from a tailor *50 . In some cases the presumption of inheritability is provided by law – e.g., a contract of mandate does not expire upon the death of the mandator as regulated in §632 (1) of the LOA. In those cases, the Estonian legislator has deemed the interests of the heirs important. For instance, where a service served the patrimonial interests of the deceased, the heirs of the principal are presumed to be interested in the same patrimonial advantage. If they are not, the heirs can terminate the contract *51 .

Although being non-transferable within one’s lifetime does not necessarily mean non-inheritability *52 , estimation of inheritability can be based on provisions pertaining to assignment of claim and assessing whether an obligation can be fulfilled for the benefit of a new obligee without the content of the obligation being altered *53 . German scholars argue equally that there is nothing tailored to the testator, as it were, in Facebook’s obligation to allow use of the infrastructure of its social-media environment *54 . The Federal Court of Justice, or Bundesgerichtshof (BGH), has explained that the obligation to provide a communication platform, and, at the request of the user, that to publish content and to deliver messages to another account, as well as that to allow unfettered access to the messages delivered or content shared, have the same design for each and every user. The court held that such obligations are not personally bound to the person but of a technical nature and can be fulfilled for the benefit of the heir without the content of the obligation being altered *55 . Moreover, the court argued that the contractual obligation of Facebook is bound not to the person but to the account: Facebook is obliged to deliver the message to the account not to the person and it is not in its power to prevent the user ID and password being passed on to third partiesnor to establish the identity of the recipient *56 . The court admitted that the contractual relationship is bound to the person of the user to the extent that only he or she is entitled to send messages and post content, but this, in the court’s view, does not exclude the inheritability of the contractual relationship. It may, however, lead to the conclusion that a right of actively continuing to use the account is not included in the heir’s right of inheritance *57 .

There is Estonian case law in which courts have declared inheritable a tax benefit by which the bequeather was entitled to the right to deduct the acquisition cost of the property from the gains derived from the sale of that property *58 , had an obligation to pay compensation for non-patrimonial damage *59 , and bore an obligation to pay compensation for damage that had been caused by breach of an obligation that is inseparably bound to a bequeather and cannot be transferred within one’s lifetime *60 . On the other hand, an example of non-inheritability is to be found in an income tax exemption based on the use of the dwelling as the taxpayer’s residence *61 . The European Court of Justice has held that even a worker’s right to receive an allowance in lieu of paid annual leave not taken by the date of death is passed to an heir. *62 In the German legal literature, inheritability is considered not to be deemed ruled out by dint of the strictly personal content of a digital object, *63 nor is it excluded even by the fact that a legal position does not (any longer) have monetarily appraisable value *64 . The German authors are critical of the criterion of patrimonial value, which is said to be overly restrictive and to entail vast delimitation problems – e.g., that e-mail messages may have but do not necessarily have patrimonial value and may be both personal and professional *65 . At this point, it has already been established in case law also that drawing such a distinction is neither legally justified nor practically feasible *66 .

It can be concluded from the above that the rights and obligations arising from the arved.ee and piletilevi.ee contracts are not inseparably bound to a person in the meaning of Estonian inheritance law: the contracts clearly are aimed at protection of patrimonial interests; the contractual relationships lack the component of being personalised and individualised, meeting the needs of a particular client in specific; there is no special trust relationship created, whereas the existence of one might suggest a secrecy obligation of the parties. Accordingly, the contract clearly gives rise to obligations that can, in principle, be fulfilled by the service provider for the benefit of any obligee without the content of the obligation being altered. The user ID and password requirement alone does not make the obligation relationship inseparably bound to a person. It is not in the power of the service provider to prevent the user ID and password or the ticket being passed on to third parties nor to establish the identity of the user, as indeed can be concluded from the terms of use of piletilevi.ee *67 . Moreover, the transfer of digital assets is in the interests of an heir. In addition, the heir has a justified interest in getting an overview of the assets the estate encompasses and meeting the – inherited – obligations towards obligees, on whom arved.ee may give additional information. 

3.2. Non-inheritability based on intention of the deceased

Finally, a question might arise as to whether the transfer of contractual claim in question could be excluded on the basis of the intention of the deceased. This is, in itself, supported by the German legal literature and case law by reference to the principle of contractual freedom. *68 Thereby, in principle, a person can agree with the service provider on what will happen to the account after the account-holder’s death (e.g., that the account must be deleted) *69 . Scholars disagree as to whether the exclusion of inheritability may be regulated via standard terms. This question has even been left open by Germany’s highest court *70 . However, under German (and Estonian) law, standard terms are subject to an unfairness review regarding the circumstances of the specific case *71 .

It can be presumed that neither the arved.ee nor the piletilevi.ee contract includes an individually negotiated agreement addressing the question of inheritability. Nor is the topic explicitly regulated in their terms of service. With regard to contracts of mandate, which regulation is to apply most likely in connection with both, Estonian law provides a statutory presumption that a contract of mandate does not expire automatically upon the death of the mandator (the user). *72 This means that other agreements are possible; i.e., the user and service provider can agree in their contract that the service contract terminates upon the person’s death. Such an agreement cannot, however, be deduced from the relevant service providers’ clauses on user conditions, which require personal participation under the user’s real name *73 , prohibit disclosing one’s password, and forbid granting access to third parties. However, it is mainly by the latter argument that piletilevi.ee and arved.ee exclude inheritability *74 . In the authors’ view, these are mostly agreements setting out obligations in a person’s lifetime *75 . Heirs are not third persons in this context but universal successors of the deceased who by force of law assume the place of the deceased in a legal relationship. Rather, the purpose of such rules is to guarantee security of the e-environment, which would not be compromised by heirs’ access to an account for management of inherited assets *76 .

3.3. Legal consequences of non-inheritability

Where a right is not exceptionally transferred by succession, it generally is extinguished *77 . This does not, however, mean that the heir is automatically denied access to the objects in question. For instance, extinction of usufruct by death is provided by law, but the law provides also that the heirs as legal successors of the usufructuary still are required to return the object of the usufruct to the owner in the state specified by the law. *78 With regard to non-inheritability of a contractual position, the legal relationship is terminated only with ex nunc effect. In the case of long-term contracts, the consequences of extinction of obligation can, by analogy, benefit from the cancellation provisions of the general part of the LOA (on return of that which has been delivered in advance) and on certain occasions also from the withdrawal provisions (on return of that which was delivered) *79 . In cases wherein the post-mortem regulation is not explicitly provided by law, restitution obligations may also arise from legal provisions on the respective type of agreement, as with §626 (1) of the LOA, which imposes an obligation on the mandatary to hand over to the mandator (and at his or her death to the heirs) anything received or created in connection with performance of the mandate, along with anything that he or she received and did not use to perform the mandate. Handing over can include both things and rights *80 , such as a bearer security (ticket). The German scholars argue that even if the contractual relationship were to end for reason of death (e.g., a special cancellation right has been granted), the cloud‑storage service provider would still be required to make the data saved so far (pictures and e-mail content) accessible to an heir and delete those in its possession. On no occasion is the service provider allowed unauthorised erasure of data or use of said data for its own benefit. *81

Consequently, if, hypothetically, the contract with Piletilevi provided specifically for the contract to terminate upon death, this would mean that an heir would not be able to buy new tickets under this contract. Yet this should not cause the tickets bought by the deceased, which cannot be used by him or her anymore, to remain at the disposal of the service provider. There is no justified reason for digital tickets to be subjected to different inheritance rules than tickets printed on paper. If the deceased had ordered paper tickets from a ticket office, the agency would have to deliver tickets to the heir. Moreover, the principle set out in §626 (1) of the LOA should be regarded as an essential principle of law in the sense of §42 (1) of the LOA, meaning that standard terms derogating from such a principle would be unfair to the consumer and hence void. Accordingly, where a contract of mandate provides for its termination by the death of the mandator, the heirs should preserve the right to demand transfer of tickets or, for instance, recovery of advance payment on account.

3.4. Solution under law of succession

It is confirmed by the above that in the circumstances of the given examples the estate of the deceased includes a contractual position with e-services providers. As in these cases non-inheritability does not follow from statutory provisions, nor does it follow from the nature of the contractual relationship or is non-inheritability agreed on in the contract itself, contracts are passed to heirs along with other assets upon the person’s death. As an heir ‘steps into’ a contractual relationship, replacing the deceased as a universal successor, the heir will assume the same contractual position held by the deceased, including primary and accessory claims. Transfer of the contractual position in its entirety means that an heir is, at least for the purpose of managing the estate, entitled to access the account of the deceased and to use and manage the content of the account. Also, an accessory contractual claim for receiving information related to user ID and password is included, as is one for contract details. In other words, if the person him- or herself had the right to access the account and obtain a new password, the same right (claim) should belong to the heir. An heir assumes this position by force of law and is not a third person, who should be denied access to e-accounts by the service providers. German legal literature expresses the same opinion: contractual relationships with e-services providers, characterised by existence of a user account, are inheritable. As a party to a contractual relationship, an heir has substantive justification for being granted access to the data of the deceased stored on an account *82 . An heir is entitled to request information on passwords *83 and in conjunction with §1922 of the BGB also on whether the deceased had entered into a contract with a specific service provider *84 .

All in all, Estonian law allows relying on succession law for purposes of enforcing claims under law of obligations, arising from contracts with e-services providers. For proving one’s rights, it is practical to provide a succession certificate *85 , which should list all the heirs who have not renounced succession and are officially declared to be the universal successors *86 . In addition, succession law grants the heir a special right to information: Section 121 of the LSA provides that even before the end of the term for renunciation of succession, a person entitled to inherit has the right to receive information pertaining to the composition of the estate from a court, a notary, or another person who possesses the estate.

In summary, the heir is entitled to access the account, download the tickets bought by his or her predecessor, and enjoy the concert just as much as he or she is entitled to use and manage the rest of the estate. One of the purposes of universal succession is to ensure that the objects do not become ownerless. Denying inheritability of the Piletilevi contract would result in exactly that.

4. Post-mortem data protection as a possible solution?

It may be asked whether heirs could request access to e-accounts of the deceased under data protection rules. For the data protection framework to apply, the invoices transferred through the billing environment arved.ee or the tickets bought through the ticket brokerage system of Piletilevi (or, more precisely, the information disclosed therein) should qualify as personal data. Although the invoice amount in itself cannot be linked back to a certain person, invoices usually contain the obligor’s or data subject’s name, often accompanied by contact details that make the person identifiable either directly or at least indirectly. *87 Therefore, as a rule, data contained in e-accounts are personal data of the obligor and consequently covered by the EU data protection rules. The payer’s name is indicated also on the tickets bought and printed out through the system of piletilevi.ee. However, as a rule, data protection law governs only the right of living persons (or data subjects) to the protection of personal data. Therefore, post-mortem data protection was not covered by the EU data protection directive adopted in 1995 *88 , and most Member States did not provide for protection of personal data of deceased persons in their national law *89 . Likewise, the new General Data Protection Regulation (GDPR) *90 , which has applied since 25 May 2018, governs only the rights of living persons (data subjects *91 ), leaving the post-mortem data protection within the competence of the Member States. Recital 27 of the GDPR states expressly: ‘This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons.’

At least to date, data protection rules have not been applied to the personal data of deceased persons in most EU member states. *92 In Estonia, in contrast, the post-mortem protection of personal data has been statutorily provided for since 2003. Also, the Personal Data Protection Act of 2008 *93 , which has since been repealed, provided as follows in its §13: ‘After the death of a data subject, processing of personal data relating to the data subject is permitted only with the written consent of the successor, spouse, descendant or ascendant, [or] brother or sister of the data subject, except if consent is not required for processing of the personal data or if thirty years have passed from the death of the data subject.’ This provision has not proved relevant in practice, though, nor has it attracted attention in Estonian legal literature until now.

The same principle is maintained in §9 of the new Personal Data Protection Act (PDPA) *94 , with the exception of the right to decide upon giving consent, which now belongs to heirs and no longer to members of the immediate family. Hence, Estonia will continue its earlier approach, in belonging to the minority of EU member states in which personal data protection is applied at least in some respects after a person’s death. Therefore, it might be asked firstly whether heirs could have the right to request access to the invoices of the deceased under Article 20 (1) of the GDPR (i.e., in line with the so-called right to data portability). According to said provision, the data subject has the right, on certain conditions, to receive the personal data concerning him or her that he or she has provided to a controller, in a structured, commonly used, and machine‑readable format, and the right to transmit those data to another controller without hindrance by the controller to which the personal data were provided. This provision does not, however, give the heirs the right to request access to invoices stored in the mailbox of a deceased person, for the sole reason that, according to §9 of the new Personal Data Protection Act, it is not all the rights of the data subject (including the right to data transfer) that pass to heirs but only the right to give consent to the use of the personal data of the deceased or, where the deceased person has given the consent himself or herself, to alter that consent. *95 Secondly, Article 20 (1) of the GDPR gives the data subject the right to receive the personal data he or she has provided to a controller, but invoices, such as power and water bills, do not constitute personal data that the data subject had provided to the data controller.

Next it is appropriate to ask whether an heir’s right provided for in §9 of the Personal Data Protection Act to decide upon giving consent for the use of the personal data of a deceased person should also cover the right provided in Article 15 of the GDPR to access the personal data of a deceased person. In other words, does Article 15 of the GDPR permit heirs to request access to e-invoices or to a Piletilevi account? Article 15 (1) of the GDPR provides that the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and certain information. The data subject is entitled to receive information, inter alia, about the categories of personal data involved, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data on the data subject or to object to such processing, and – where possible – the envisaged period for which the personal data will be stored. Article 15 (3) of the GDPR gives the data subject the right to request a copy of the personal data undergoing processing or transfer of information in a commonly used electronic form.

Neither the Personal Data Protection Act nor its explanatory memorandum provides an answer to the question of whether an heir has, in addition to the rights related to consent, the right to demand access to the deceased's personal data. Heirs were provided with such a right under §19 (4) of the previous version of the Personal Data Protection Act, whereby all of the data subject’s rights were passed to heirs. That the new act does not contain such a provision might indicate the legislator's intention to restrict the transfer of a data subject’s rights to only that related to consent. It can be argued, however, that an heir has also a legitimate interest in demanding access to data for purposes of being able to make a decision about withdrawal or alteration of consent. But even such an interpretation of §9 of the PDPA would not confer upon heirs the right to demand access to electronic accounts, as neither arved.ee nor piletilevi.ee collected the deceased person’s personal data with the consent of that person; that is, consent did not form the legal grounds for the data processing. They utilised the data only to perform the contract to which the deceased person was a party – that is, on other grounds within the meaning of §9 (2) 4) of the PDPA. Namely, it is stated in §9 (2) 4) of the PDPA that the consent of the deceased person is not required for processing of his or her personal data if the processing of personal data is performed on other legal ground. This other legal grounding is articulated in Article 6 (1) (b) of the GDPR, according to which data processing is lawful if the processing is necessary for the performance of a contract to which the data subject is party. *96  It follows that in cases such as those at issue in our examples, an heir would not be entitled to withdraw consent or alter it under §9 of the PDPA and that therefore the heir lacks a legitimate interest in gaining access to the personal data of the deceased.

This conclusion is consistent with the purposes of data protection law. The purposes of data protection law are protection of a natural person from the commercial use of his or her personal data by third persons *97 and, more broadly, respect for a person’s private sphere *98 , not simplification of the inheritance procedure for heirs or safeguarding of their economic interests. For this reason, data protection rules are not suitable for solving the problem described in this article. *99 Nevertheless, they do not pose obstacles to solving that problem either, as the data protection rights of the deceased terminate upon his or her death. This means that the obligor cannot appeal to the data protection rules for justifying denial of access to the online accounts of the deceased.

5. Conclusions

Estonian inheritance law enables an heir to access digital assets of the deceased. In Estonia, the principle of universal succession applies. This means that the inheritance of digital objects follows the same rules as transfer of ownership to material objects and, for instance, rights and obligations arising from a sale contract. In the case of e-accounts, it is the set of rights and obligations arising from a contract concluded between a deceased person and an Internet services provider that is included in the estate. The contractual positions analysed in the article – involving piletilevi.ee and arved.ee – are not excluded from succession by an agreement. Nor are they inseparably bound to the deceased person, mainly because they lack the component of being personalised and can, in principle, be fulfilled for the benefit of any obligee without alteration to the content of the obligation. Hence, upon death these contractual relationships, among other objects in the estate, are transferred to the heir. As the deceased has trusted the heir with the position of being his or her legal successor, the heir is to be considered the person most suited to deciding what shall happen to the digital assets – not to mention that digital objects, such as an online billing environment or e-mail account, may include information on obligations, which unquestionably have been transferred to the heir by way of succession.

As a universal successor, an heir obtains the same legal position of the deceased as if no transfer had occurred at all. An heir replaces the deceased in a legal relationship by force of law and should not, in this context, be considered a third person, who should be denied access to e‑accounts. Consequently, the heirs have the same contractual claims against the e-services provider that the deceased would have had him- or herself. In other words, the heir has the right to request information pertaining to the existence of the contracts, access the e-accounts and download data therefrom, request information on passwords, and (alternatively) exercise the right to terminate the contract. This follows from the universal succession principle of the inheritance law.

Data protection law does not provide heirs with additional rights, since the purpose of data protection law is to protect a person’s personal data against the activity of third persons, not to simplify the inheritance procedure for heirs or to safeguard their economic interests. On the other hand, data protection law does not entitle the service providers to refuse to give heirs access to the accounts either, as data protection rights end with the data subject’s death.

The purpose of the principle of universal succession is to guarantee continuity of and clarity in legal relations and to ensure that no object, be it digital or not, becomes ownerless, and that the property as a whole is managed in the best interest of all interested persons. Where a person wishes to exclude heirs’ access to a certain object, it is best to make arrangements to that end already within his or her lifetime, by such means as establishing a testamentary obligation and/or appointing an executor of will.

pp.117-128