Uniform Access to Digital Assets by Fiduciaries Act - Progress Report (2015)
Donna L. Molzan, QC, Alberta
Yellowknife, NT
August, 2015
Readers are cautioned that the ideas or conclusions set forth in this paper, including any proposed statutory language and any comments or recommendations, may not have been adopted by the Uniform Law Conference of Canada. They may not necessarily reflect the views of the Conference and its Delegates. Please consult the Resolutions on this topic as adopted by the Conference at the Annual meeting.
Report on the Uniform Access to Digital Assets by Fiduciaries Act Project
[1] The number and value of digital assets held by individuals is increasing over time. A digital asset may be defined as anything that is stored in a binary format or more simply an electronic record. Digital assets may include online assets with financial value such as Pay Pal accounts, virtual bank accounts, online gaming accounts and so on. Digital assets may also include items with sentimental value or personal value such as photos stored in cloud accounts, Facebook accounts, email accounts such as Google and other social networking accounts. When a person dies or becomes incapacitated, a fiduciary such as a personal representative, guardian, attorney or trustee needs access to these electronic records in order to properly administer the property of the deceased or incapacitated person. At present, the law does not deal adequately with how fiduciaries may gain access to these digital assets. The right of fiduciaries to deal with digital assets is not clear to everyone in the digital world; nor is the duty of custodians of the digital assets to provide access to these assets to fiduciaries. This is becoming more important as we experience the greying of our population as well as the increase in digital assets held by all individuals in our society.
[2] To reform Canadian law in this area, this Working Committee was established and directed to develop an interim report to be brought to the 2015 Annual Meeting on its progress and on any policy issues on which the direction of the Civil Section is needed. Assuming approval of the policy, it has been asked to prepare a draft Uniform Access to Digital Assets by Fiduciaries Act and commentaries for presentation to the 2016 Annual Meeting.
[3] The Working Committee was established with the following members: Gwen Benjamin, of Wilson Vukelich LLP, Markham, Ontario; David Debenham, of McMillan LLP, Ottawa, Ontario; John Gregory of the Ministry of the Attorney General (Ontario), Toronto, Ontario; Ontario; Barbara Janzen, of Bull Housser & Tupper, Vancouver, British Columbia; Yana Nedyalkova of Computershare, Toronto, Ontario; Bertrand Salvas, Notarial Internship Supervisor and IT Law Specialist, Montreal, Quebec; Ron Usher, of the Society of Notaries Public of B.C., Vancouver, British Columbia; Tracey Woo, of RBC Wealth Management, Estate & Trust Services (Royal Trust Corporation of Canada), Toronto, Ontario; Thomas Grozinger, RBC Wealth Management, Estate & Trust Services (Royal Trust Corporation of Canada) Ottawa, Ontario, and Donna Molzan, QC, of Alberta Justice and Solicitor General, Edmonton, Alberta.
[4] The Working Committee has met a number of times by telephone conference. The Working Committee has also consulted with experts and interested persons on the policy issues related to the project. The Working Committee has identified several issues of policy for the Conference‟s consideration.
Policy Issues
1. Should the Uniform Act be consistent with UFADAA?
[5] In July 2014, the Uniform Law Commission, formerly known as the National Conference of Commissioners on Uniform State Laws, approved and recommended for enactment in all states, the Uniform Fiduciary Access to Digital Assets Act (UFADAA)1. The purpose of this Act is to ensure that fiduciaries have clear authority to access, control or copy digital assets and accounts. The Act is drafted so as to remove barriers to a fiduciary's access to electronic records and to leave unaffected other law, such as fiduciary, probate, trust, banking investment securities and agency law.
1 As at June 2015, UFADAA has been introduced in 26 states. (www.uniform.org/Shared/LegReports/LegRpt_Act.pdf)
[6] The organizations (usually privately-owned businesses) that carry, maintain, process, receive or store digital assets are known in the US Uniform Act as “custodians”.
The digital assets themselves notionally and often literally constitute “accounts” in the control of the custodians. The owners of such accounts are account holders. It is very common that electronic data of Canadian account holders are located in the United States. Their custodians are subject to US state and federal laws. US legislation on privacy, computer fraud and abuse criminalizes or creates civil liability for unauthorized access to computer hardware and data. As well, custodians‟ Terms-of-service agreements (TOSAs) often prohibit anyone other than the account holder from accessing the account even with the account holder‟s authorization. These TOSAs are normally governed by the laws of the state of the custodian.
[7] The Working Committee concluded that it will be helpful to Canadian account holders if uniform legislation to provide access to digital assets by fiduciaries in Canada is informed by and consistent with the UFADAA so that US-based custodians find it familiar and thus easy to comply with.
2. Which fiduciaries should be included in the Uniform Act?
[8] Generally, when a person dies or becomes incapacitated, a fiduciary is needed to deal with the person‟s personal or financial affairs or make decisions for the person. These fiduciaries are authorized to act under such instruments as a will, a grant of probate or administration (also referred to as “letters of administration” in some jurisdictions), a power of attorney, a personal directive or a Court order granting guardianship or trusteeship. In these cases, the fiduciary is seen as “stepping into the shoes” of the person. These shoes have been left empty as the person is either deceased or lacks capacity to manage their own personal or financial affairs or make decisions. Few holders of digital assets and accounts consider the fate of their online presences when they are no longer living or in the event that they are no longer able to manage their assets.
[9] The intention of a Uniform Act is to give a firm legal foundation to the authority of fiduciaries to exercise authority on behalf of the account holder. The statute will essentially confirm that the usual powers of fiduciaries extend to digital assets, with whatever practical implications that extension may have. The statute will not deal with any other efforts to access digital assets. Family members, friends or other interested persons may seek access but unless they are fiduciaries, their efforts will be subject to other laws and not be covered by the Uniform Act.
[10] Trustees in bankruptcy or insolvency will not be included in a Uniform Act. These officials are subject to other federal and provincial legislation. They also differ from the fiduciaries named above in that they do not act for the individuals who are bankrupt or insolvent, but for their creditors. However, Industry Canada may wish to consider whether similar policies should apply to trustees in bankruptcy or insolvency.
[11] While each province and territory sometimes have different titles for the fiduciaries that deal with the estates of deceased individuals or incapacitated individuals, a uniform approach to the substantive law will improve certainty and predictability for account holders, fiduciaries, and the courts.
[12] The UFADAA applies to personal representatives, conservators (guardians), agents acting pursuant to a power of attorney and trustees. They are all fiduciaries who must act in compliance with their fiduciary powers and duties. They must therefore deal with the digital assets of persons upon the death of the individual or when the individual becomes incapacitated.
[13] Consistent with UFADAA, the consensus of the Working Committee is in favour of applying the Uniform Act to personal representatives, guardians, attorneys and trustees but not to trustees in bankruptcy. As well, similarity to the UFADAA will help ensure certainty and predictability for custodians who are located in the United States.
3. How should digital assets be defined in the Uniform Act?
[14] In order to carry out their fiduciary duties, a fiduciary requires access to all the assets and liabilities of the deceased or incapacitated person. The electronic records of the deceased or incapacitated person may include financial information on balances in PayPal or virtual bank accounts; online bills and debts as well as Facebook posts describing the property or the location of the property of the deceased or incapacitated
person.
[15] The UFADAA defines a digital asset to mean a record that is electronic. This term does not include an underlying asset or liability unless the asset or liability is itself a record that is electronic.
[16] The Working Committee concluded that a similar definition should apply in the Uniform Act. Thus, a digital asset will be defined as a record that is electronic but it will not include any underlying tangible asset or liability.
4. What right to access should fiduciaries have in the Uniform Act?
[17] Fiduciaries require access to the electronic as well as the physical records of the deceased or incapacitated person to carry out their duties. In order to ensure this right of access, the Uniform Act should clarify what the right includes in the case of digital assets.
[18] The Working Committee concluded that the right to access should include a right to access the content of an electronic communication; a right to access a catalogue of electronic communications sent or received by the account holder; and a right to access any other digital asset in which the account holder has an interest. The UFADAA takes this same view.
[19] The Working Committee did not identify any privacy or criminal law barriers to fiduciary access in current Canadian law. However, US federal and state privacy and computer hacking laws often limit access to digital accounts to authorized users. UFADAA therefore specifies that a fiduciary is an authorized user for the purpose of those laws. As noted earlier, the Working Committee concluded that the Canadian Uniform Act should be consistent in approach with the US laws that affect custodians. As a result, similar language about authorized use would be useful in the Canadian statute, both for Canadian purposes and to facilitate cross-border application.
[20] The Working Committee also determined that the Uniform Act should include the right to access, control and copy digital assets to the extent permitted by Canadian copyright laws.
[21] Finally, the Working Committee discussed assets whose ownership by the account holder or their beneficiaries might be doubtful such as licenses that expire on death and pirated or illegally held digital assets. The Working Committee concluded that a fiduciary should have no greater property right to the digital asset than the deceased or incapacitated person had. However, a fiduciary may need access to assets even if they are illegally acquired or not inheritable in order to properly account for the assets and liabilities of the deceased or incapacitated person.
5. How should fiduciaries get their authority to deal with digital assets?
[22] As noted earlier, fiduciaries generally get their authority through an instrument, statute or court order. The Working Committee considered whether the authority to deal with digital assets must be expressly provided in the instrument, statute or court order or if this authority can be implied when the account holder has given the fiduciary general authority to deal with their property and administer their estate.
[23] The law on fiduciaries generally gives broad scope to the assets covered, unless the instrument appointing the fiduciary lists the asset and specifically excludes or limits the fiduciary authority to deal with the asset. Recent examples of statutes that are not only general in scope but also media-neutral in language are found in Alberta and British Columbia. Section 20 in the Estate Administration Act in Alberta provides that the Personal Representative stands in the shoes of the deceased and can do anything the deceased could do with their property although only for the purpose of administering the estate and subject to any restrictions on this authority in the will. The British Columbia, Wills, Estates and Succession Act also provides a similar authority to a Personal Representative in section 142.
[24] Section 8 of the UFADAA provides that the fiduciary has a right of access to the electronic record and stands in the shoes of the account holder except where the account holder opts out or restricts fiduciary authority.
[25] The consensus of the Working Committee favoured a statutory rule to confirm the implied authority of a fiduciary over all digital assets unless its scope was expressly varied in an instrument. This eliminates the need to redo all instruments and avoids creating gaps in the law, so as to allow fiduciaries to deal with the property of deceased or incapacitated persons in all media.
6. When should the Uniform Act apply?
[26] The Working Committee considered whether the power of fiduciaries to access digital records should apply to fiduciaries whose authority was (a) created before the Uniform Act comes into force in the relevant jurisdiction, or (b) given effect before that date. Examples included circumstances where (a) the will is made before the Uniform Act comes into force, but the testator dies after the Uniform Act comes into force, and (b) the will is made and the testator dies before the Uniform Act comes into force. The same situation may arise with a power of attorney that takes effect on a future event.
[27] It was agreed that the Uniform Act should apply to ensure that fiduciaries have the power to access digital assets, in all cases unless there is an express exclusion in the particular instrument that gives the fiduciaries their power. If this approach is not taken, there is a risk of a gap where no one clearly has access to certain assets, and the assets will disappear, be lost or merely continue to exist in perpetuity with no one responsible
for them.
[28] The Working Committee also considered that this is more an issue of prospective application of new law rather than an issue of retroactivity. The Uniform Act will not change the legal consequences of anything done in the past. It will not give new kinds of administrative powers to fiduciaries with responsibility for dealing with the property of deceased or incapacitated persons. It will ensure that the usual powers can be properly exercised for digital assets. The Uniform Act will provide custodians with immunity from civil or criminal consequences of good faith disclosure to fiduciaries. It will not penalize fiduciaries for failing to get access to digital assets before the Uniform Act was passed, or punish any custodians who declined to provide access previously.
[29] The Working Committee took the view that the current law gives fiduciaries the right to access digital assets, as they typically have the authority to deal with all the assets of the deceased or incapacitated person without restriction on whether the asset is tangible or digital property. The purpose of the Uniform Act is to affirm and codify the existing powers, to put them beyond doubt and to resolve particular questions that arise with particular assets, but not to create a whole new set of rights where none existed before. In short, the Uniform Act will be substantially declaratory of the current law. However, the Uniform Act will also provide a mechanism to bind custodians to ensure that fiduciaries can discharge their duties.
[30] The UFADAA follows this same reasoning and applies the Uniform Act in the same manner.
[31] The consensus of the Working Committee is that the Uniform Act should apply, and thus, ensure that fiduciaries clearly have the power to access digital assets, in all cases unless there is an express exclusion of these assets in the instrument that gives the fiduciaries their power.
7. Should the Uniform Act regulate how individuals may opt out of fiduciary access?
[32] Consistent with the principle that a person should have the freedom to do what they want with their property, account holders should in many circumstances be able to opt out of fiduciary access or to designate a particular fiduciary rather than another. This is known to occur for tangible assets: wills may create special trustees for certain assets, powers of attorney may apply to some assets but not others, and so on. At least in the case of wills, a testator may choose not to disclose the existence of certain property, at which point it may simply disappear. (However, one may not conceal property simply to avoid other legal obligations).
[33] A similar power to opt out or to redirect responsibility should exist for digital assets. However, this opting out should be a conscious choice on the part of the account holder and not simply a default option applied by a custodian. The Working Committee discussed the concern that click-through boxes will not be sufficient to bring to the attention of the account holder the consequences of instructing a custodian to delete an account on the account holder‟s death or to restrict access to a fiduciary. At the same time, the Working Committee recognized that an account holder should have the ability to direct a custodian to delete an account or restrict access to a fiduciary.
[34] Section 8 of the UFADAA requires a separate provision in a TOSA that the account holder must expressly agree to in order to limit fiduciary access and thus, prohibits boilerplate or click-through restrictions; it also expressly indicates that fiduciary access to a digital asset does not violate a TOSA, even if the fiduciary acts as the account holder for that purpose.
[35] The consensus of the Working Committee is that the Uniform Act should reflect the same policies. Opting out should require an affirmative act by an account holder to delete an account or restrict access to a fiduciary. Boilerplate waivers should be prohibited. How prominent the notice should be, and how much detail it should give of the consequences of deleting an account or restricting access, remains for discussion. Finally, the Uniform Act should include an express provision that fiduciary access to a digital asset does not violate a TOSA.
8. Should the Uniform Act include an anti-avoidance choice of law provision?
[36] The Working Committee discussed the concern that a TOSA may apply the law of a jurisdiction that does not provide for fiduciary access to digital assets. It was thought undesirable that custodians should be able to avoid giving fiduciaries access – essentially preventing them from doing their legal duty – simply by making their service account agreements subject to a law that does not provide for fiduciary access. Different options
are available to ensure that TOSAs do not opt out of the Uniform Act by choosing such a law: no waiver provisions, consumer protective provisions or “real and substantial connection to contract” provisions.
[37] Section 8 of the UFADAA states that a choice of law provision is unenforceable against a fiduciary if it limits fiduciary access to a digital asset.
[38] The consensus of the Working Committee is that the Uniform Act should include a choice of law provision that provides that a custodian cannot opt out of the Uniform Act simply by choosing an accommodating law for the TOSA. Account holders can opt out to the extent allowed by the Uniform Act, but choice-of-law avoidance should be prohibited.
9. Should custodians be immune from liability for acts or omissions done in good faith compliance with the Uniform Act?
[39] The Working Committee discussed whether a custodian should be protected from liability for acts or omissions in good faith intended to comply with the Uniform Act. Custodians may be exposed to civil or criminal liability for breach of privacy or unauthorized access to electronic records. Thus, custodians should be provided with protection from liability for good faith compliance with the Uniform Act.
[40] Section 10 of the UFADAA provides that a custodian and its officers, employees and agents are immune from liability for an act or omission done in good faith compliance with the Act.
[41] The consensus of the Working Committee is that the Uniform Act should include a provision that protects a custodian from liability for an act or omission done in good faith.
Administrative Matters
10. Should there be a time limit for a custodian to comply with a request?
[42] The Working Committee agreed that access to digital assets to a fiduciary must be timely enough that it allows a fiduciary to effectively deal with the assets. Section 9 of the UFADAA provides that a custodian must comply with a request made under the Act no later than 60 days after receipt of the request. 60 days does not appear to be reasonable. It seems too long. "Real world" custodians produce documents much more
quickly. However, the Working Committee recognized that any time limit for access must be reasonable for both the fiduciary and the custodian. Thus, while the consensus was that a time limit is required, the amount of time will need to be determined through consultation with fiduciaries and custodians, with an eye to the US law which custodians may be familiar with.
11. What documentation must a fiduciary provide to a custodian in order to obtain access?
[43] Generally, fiduciaries should be required to provide documentation that verifies their authority to act as a fiduciary for the deceased or incapacitated person. A Personal Representative should be required to provide a copy of the document that gives or confirms the authority of the Personal Representative within the province or territory such as a grant or letters of administration (these documents are described differently in different provinces or territories) or a copy of the will. A guardian should be required to provide a copy of the instrument or court order giving the guardian authority. An attorney should be required to provide a copy of the power of attorney. A trustee should be required to provide a copy of the trust instrument or court order giving the trustee authority. The required documentation should only need to show the relevant parts of the document that provide for the fiduciaries‟ authority and not necessarily require the entire document to be produced. Finally, a legal translation of a document should also be accepted.
[44] Section 9 UFADAA sets out the documentation that must accompany the request for access by a fiduciary. A Personal Representative must include a certified copy of a grant or letter of appointment. A Conservator must include a certified copy of the court order giving the conservator authority. An agent must include an original or copy of the power of attorney and a certification that the power of attorney is in effect. A trustee must include a certified copy of the trust instrument or in the alternative, a certification of the
trust.
[45] The Working Committee took the view that the specific documentation will be based on the legislation that applies in each jurisdiction that adopts the Uniform Act.
[46] However, the Working Committee agreed that for the purposes of the Uniform Act, documentation that would comply with the rules for access in the jurisdiction of its origin in Canada should be recognized across Canada to allow for access to digital assets. For example, there should be no need to reseal a document such as a grant in another province or territory in order to obtain access to the electronic records of a deceased
person. Currently, documents such as grants may be resealed for tangible assets located in another province or territory that is different from the province or territory where the original document is obtained.
[47] The Working Committee also considered the issue that arises when a deceased person has not named a Personal Representative. This may occur where an individual dies with a will that does not name a Personal Representative or where an individual dies without a will. While intestacies occur for individuals of all ages, it is a particular risk for younger individuals who are less likely to have prepared for the event of their death. Growing up in the digital world, these young individuals often have more electronic records than senior individuals, which aggravates the problem of figuring out what exists and of getting authority to deal with it. In these cases significant time delays may occur. A “chicken and egg” problem exists. Applications for authority to manage an estate often require information on the value of the estate. However, without access to electronic records the would-be Personal Representative may not be able to determine the assets and liabilities of the estate and thus, obtain that authority.
[48] The Working Committee considered that all jurisdictions currently have legislation that provides a priority list of individuals who can apply to administer an estate where a Personal Representative is not named in a will or on intestacy. In these instances, the required documentation should provide an alternative to requiring a document as referred to in Paragraph 43 above. Instead, a fiduciary should be able to obtain access to electronic records by providing the custodian with documentation that they have the priority to apply for the document under the applicable legislation.
Conclusion
Those are the key elements of a uniform statute to govern fiduciaries‟ access to digital assets. Subject to discussion and amendment by the Civil Section, the Working Committee recommends that it be permitted to prepare a Uniform Act to give effect to them, for adoption at the 2016 Annual Meeting.