German court says 'Nein' on Facebook profile access request A German appeals court has ruled that Facebook does not need to give the parents of a deceased teen access to the child's account. The Court of Appeals in Berlin on Wednesday overturned a regional court's decision to allow the parents of a 15-year-old girl who died in 2012 access to the teen's Facebook account to view her …
A coroner's court is a court, and AFAIK can order a company to hand stuff over. I don't think it quite has the same powers as a Crown Court, or the High Court, where non-compliance with an order is Contempt which can land you in jail there and then.
Not that Facebook are particularly receptive to such orders; they refused to reveal who the London attacker had been WhatsApp-ing, despite that aspect of WhatsApp communications being something they do know (it's part of their slurping) and the request coming from a police investigation into multiple murders. So I can't see them spilling the beans to help a mere coroner's court decide between verdicts of suicide, accidental death, unlawful killing, etc.
In this particular case I suspect Facebook's attitude has more to do with the fact that if it became known that parents could take over child's account, then teenagers everywhere would walk away from it. That would severely dent their advertising revenue in this age group.
Also Facebook sales reps have been reported as boasting that Facebook analytics can spot "emotionally moody teenagers" (or something like that). Apart from the no-shit-sherlock aspect of that, it's f***ing creepy that Facebook are doing that, and selling that to advertisers, but won't let parents see their dead child's account's whole content.
Facebook - created by an arse hole, continues to behave that way....
"Not that Facebook are particularly receptive to such orders; they refused to reveal who the London attacker had been WhatsApp-ing, despite that aspect of WhatsApp communications being something they do know"
Er, that is bollocks. They can't decrypt it as they don't hold the keys (the whole point of end to end encryption) but it seems it was not that hard to find out:
http://www.news.com.au/world/europe/westminster-attacker-khalid-masoods-last-message-revealed/news-story/a178e1545e4905daf26f040482fe1fb7
The article you linked doesn't say that WhatsApp spilled the message, but suggests that the UK police found some other means. Perhaps the recipient themselves got in touch with the police.
Not knowing the content encryption keys doesn't prevent WhatsApp knowing the source and destination of the content. In fact the only reason why Facebook bought WhatsApp was for this slurping opportunity.
The end-to-end encryption is bollocks anyway. Even with that, if you use WhatsApp to talk to,for example, a mistress, Facebook know when, how long, where you and she are, etc. And Facebook will advertise to you accordingly... So far as "damning information" goes, that meta data is plenty sufficient for most spouses to make their minds up, for law enforcement agencies to insist on you giving an explanation of your dealings with someone who turned out for be a drugs dealer / terrorist / burglar, etc.
"The article you linked doesn't say that WhatsApp spilled the message, but suggests that the UK police found some other means. Perhaps the recipient themselves got in touch with the police."
Since when was the story that WhatsApp would not disclose the destination of the message? Apparently Amber Rudd was quoted as saying ‘this terrorist sent a WhatsApp message and it can’t be accessed’ which implies they were interested in the contents more than who received it (I guess in case they had then destroyed their phone, etc, if it was secret, but catching associates was probably easier).
In this case, the family had the password, but the "friends" had already petioned to put the page into memorial status, so the parents can't access the account.
The police have not applied for a court order to look at the account.
The parents want to look at the private messages, to see if there was any indication, that she was suicidal. It would seem that the police see no grounds to look at the account, or having done so, they aren't sharing the information with the family - data protection again.
The data protection law also covers WhatsApp, Instagram, Telegram and any other messaging service. The estate gets access to physical post, diaries etc. but all electronic communications and stored information are out of bounds. If you want your family to have access to your data, family photos etc. after your death, you need to ensure that they have the password and ensure that it is in your will, that they should have access to your accounts.
"The German courts have interpreted the data protection laws to cover the dead as well."
No.
Accessing the account would mean accessing what are basically conversations between several persons. One of the persons involved is dead. The others are not, and therefore have rights re protection of their data.
"It's not the dead girls data and privacy being protected, it's everyone else who has interacted with her."
This occurred to me, that if the parents get access and see messages that suggest the girl might have been coerced into taking her own life by private messages from another set of people, they could start proceedings against other users based purely on suspicions, which I would have thought would have been the job of the courts and the Police to determine. If the courts and/or Police are convinced she took her life because she was unwell and someone took advantage of that, then they might be able to apply for access for the investigation.
The whole problem with social media is that everything you post is intertwinned with so many other people on the same systems and sometimes beyond, you can't just untangle one person's profile without all the other strings attached also being tugged.
"Data protection law only applies to the living."
This is exactly the point here.
Accessing the account would mean accessing what are basically conversations between several persons. One of the persons involved is dead. The others are not, and therefore have rights re protection of their data.
In this case, the family had the password, but the "friends" had already petioned to put the page into memorial status, so the parents can't access the account.
There are several aspects of this case that are troubling, mainly because of the lack of any real detail in the reports. Also whilst this maybe a German court case, I'm uncertain about the potential implications on EU law which depending on timing will be incorporated into UK law.
Firstly, we should be concerned that Facebook changed the status of an account, seemingly simply on the receipt of messages from other Facebook user(s). Something they should have only done as a result of an official communication that unambiguously and uniquely linked a deceased person to the specific Facebook account.
Secondly, there are questions about the rights of Parents/Guardians of minors. From the Guardian's report ( https://www.theguardian.com/technology/2017/may/31/parents-lose-appeal-access-dead-girl-facebook-account-berlin ) it seems "The court said it had made the ruling according to the telecommunications secrecy law which precludes heirs from viewing the communications of a deceased relative with a third party." - clearly in the first instance, Parents/Guardians (of minors) are not simply 'heirs'.
Also the Facebook Terms of Service (putting to one side whether they are actually enforceable) don't allow for the situation where an over 13 user is still a minor in many jurisdictions and hence a parent/guardian have some rights/reasonable expectation of oversight and access.
"The social network says it had worried that a court ruling could set precedent to erode the privacy rights of other account holders after their deaths."
Ok, I'm going to let off a sweary rant, Please stop reading if offended.
Fuck off, just fuck off, privacy is not something you do fucking ever.
Double fuck off because you are holding information and a big fuck you because you are stopping grieving parents finding out the truth.
Treble fuck you because you have no intention of interest in fixing the situation.
Facebook needs to die a fiery death.
And yet if the situation affected you in the reverse, I'm sure you'd have a just as clever way of slagging that off too.
I do feel like as it's a minor, there should be some leeway, but overall, I think they're doing the right thing. People expect their profiles to be private, that should extend to after death (and before you open your mouth, my missus died in 2013 and I couldn't access her profile to get pics that were set private, so yes I have experience with this)
Yep, Facebook hasn't really understood the whole next-of-kin thing.
A spouse has life-or-death decision making powers over the medical treatment of an unconscious spouse, but cannot access that spouse's Facebook profile if they die whilst Facebook continues to profit from it. Completely unacceptable.
Where's the socially acceptable balance between privacy and profit there?
Are widows, widowers going to be permanently powerless to control whether a large part of their bereavement and grieving is public, private, or deleted?
Except FACEBOOK rides roughshod over privacy, also of EVERY user of every website that has their evil scripted icon instead of icon and plain link. Not just their own users.
Facebook don't know the meaning of the word privacy. It's about CONTROL. They control.
I have a special notebook with all the websites I use. If I die (mysteriously or not), the survivors can pretend to be me.
If you are teen and don't trust your family, at least make a backup of logins and have someone mature and trustworthy mind it.
@Andy Tunnah
I see where you are coming from but at the end of the day you should have had access and so should these parents, once you have popped your mortal coil privacy is no longer an issue for family members (please note how I put family members and not everyone). The real issue here is that Facebook don't want another story about bullying plastered across the news. Their actions and views on privacy when you are alive are an absolute disgrace as it is. I get annoyed when a company takes the high ground in a situation such as this when realistically they are just being self serving bastards so no I wasn't being clever just realistic as I can only imagine what these parents are going through not knowing the truth about their child.
Sorry, once you sent a message to someone you lost control over it. If you write a letter to a relative of mine, and I inherit it, I guess you can't tell any longer the letter is a property of yours.
Otherwise, how could, for example, Whatsapp raid address books and send to the mothership telephone numbers (and probably other data) of people who never wanted to give their data to whatsapp? How could Google and others analyze email sent by people who never entered a contract with Google?
And you know the boilerplates at the end of many mail messages have very little legal value?
@LDS you might have physical letters, and that is what the German press is reporting, they are yours, once you inherit them. But electronic communications are protected under law and the court has intepreted that as meaning that, even if you inherit the password (which is the case here), they can't force Facebook to take the page out of memorial mode, because it would violate the rights of the others who communicated with the dead party.
"People expect their profiles to be private, that should extend to after death "
Why can't they give us death options?
Make it law that there must be multiple choices for what happens after your death.
In life I am extremely private, when I am dead, well.. I am dead so privacy for me is no longer an issue, you can trawl through my photos, read all my messages, and I don't care!
give people the choice, and the default should be that the heir has full access to the account contents, although I agree with a memorial mode for social accounts like facebook the private contents should be available to the heir unless the person chose to not share it, and then only if that person was over 16.
>Why can't they give us death options?
Death is something that IT is only relatively recently starting to get to grips with - remember the news stories of a few years back about enterprise systems not flagging or deleting details of dead people and thus cold calling, sending out mailshots, bills etc. to dead people.
Similarly, this case illustrates how IT service providers (and application writers) need to get to grips with the handling of minors and parents/guardians, so that a minor's digital life is respected in much the same way as their physical life: For example, when a child dies, a school simply gives the parents the contents of their (physical) locker, minus any school textbooks/property.
But, unless all those people with whom you privately communicated are also dead and also have waived their right to privacy, what you want is irrelevant, once you are dead.
Your heirs would have to get the permission of everybody who had communicated with you over the platform, in order to look at the data...
@Andy Tunnah
Surely, if anything like a standard UK will, where death of one partner in a marriage then all assets / possessions to the other partner, that would include right to the FB account as it contains images etc, which though digital, is surely no different than inherting a "physical" photo album with 6x4s or whatever within..
IANAL - (I have morals) but presumably a half decent one could get you access to deceased life partners FB.
Failing that, gutter press would no doubt go for it on a quiet news day.
And yet, in this case, Facebook is actually following data protection law. The family has no rights under the law to look at their daughter's data.
If the daughter had left a will behind, saying that her parents should have access in the event of her death, that would be another matter.
If it is in the will, they have to give access. If it is not in the will, they CANNOT give access,
As a father of a 9 year old I always assumed from that that the I (the guardian of the child) has more say in that child's privacy than the child did (at least until they reached 16 or 18).
After all its my job to protect that child until they are advanced enough to understand the shit eating fuckers that are out thee preying on them.
Facebook proof that there is a NEED for me to perform this role, but as they are rich and paid the right back hander in a brown paper bag to some German......
But even so, the parents don't automatically have the right to breach other people's privacy, i.e. those with whom the daughter communicated privately. That is the issue here. They can look at the memorial page and see the public communications, but the private communications are private, unless an investigative body (police etc.) can get a warrant to open up the communications.
"Facebook needs to die a fiery death."
Although I'm no fan of Facebook myself there's hardly enough information in the article to put the blame fully on Facebook.
For example: was she living with her parents or had she left the house already? This could make for a huge difference in the whole situation. Second of all: if she did live with her parents and all then isn't it safe to assume that the parents also gained control over the girls tech? So how hard would it be to try and get a password reset and gain access that way (I'm sure they'd also had access to her e-mail and cellphones)?
The way I see it they started with contacting Facebook, so how exactly would Facebook determine everything was legit here? For all we know the girl could also have been trying to get away from her parents mind you. And giving them access like this could then open up Pandora's box to them.
I'm not saying that this is the case, but with these things you need to rule out every possible scenario, including the nasty ones.
Thing is: if something were to happen to me then I'm pretty sure my parents will know exactly where to look for my password collection. They wouldn't need to contact website owners, all they had to do is use my passwords.
Why didn't that happen here as well?
As such my comment: there's hardly enough information provided to automatically put the blame on Facebook.
The parents had the password, the page had already been put into memorial mode by "friends" of the deceased, which blocked access.
Facebook refused to deactivate memorial mode and allow them parents access. They were taken to court and the parents lost, because the German Telecommunications Secrecy act protects private electronic correspondance.
It didn't matter, in this case, that the parents already had the passwords, the courts have said that that is irrelevant. The communications are protected by law.
If the parents had the password to her account then this would surely indicate a willingness to have her messages read by her parents, which also includes a willingness to share communications she had with others. Your right to privacy when you send me a message is as good as my right to show others what you sent, since you have deferred that responsibility by sending it to me. If what you wanted to say was truly private, then keep it to yourself. Once it is delivered it is a different story since it has reached the recipient, and as such it belongs to them now. During transmission i could accept that no one has the right to read the message prior to the recipient having received it. Here be not the case. Seems a misapplication of the law since the parents have the password.
Exactly where did anyone say that WHO it was sent to was inaccessible?
That was my point, people here and elsewhere are saying that WhatsApp would not tell the police the message metadata (i.e. who, when) but in fact all that was actually said was "British security sources last month revealed Masood sent a WhatsApp message but it could not be accessed because it was encrypted by the popular messaging service". I.e. the result of end-to-end encryption.
Please read the original AC post where they said "they refused to reveal who the London attacker had been WhatsApp-ing" and my own again, and then come back with any reading comprehension issues.
WhatsApp couldn't help them not because of encryption, but because they don't even have the message any more, encrypted or otherwise.
The only thing the police had got is the ICR which says the phone connected to WhatsApp's servers. The same problem would have happened if the message were in plain text.
Can you provide any reference to say that WhatsApp did not have any metadata to share? It seems that they do collect this and have provided it in the past:
https://fossbytes.com/whatsapp-chats-collect-data-metadata/
http://money.cnn.com/2016/04/05/technology/whatsapp-encryption/?iid=EL
Brazilian authorities have demanded WhatsApp hand over IP addresses, customer information, geo-location data and messages related to an ongoing drug trafficking case.
WhatsApp says it has been cooperating, but is not able to provide "the full extent of the information law enforcement is looking for" because of the encryption it had already implemented.
You're asking for something different. According to the quote, they wanted a message:
"British security sources last month revealed Masood sent a WhatsApp message but it could not be accessed because it was encrypted by the popular messaging service"
WhatsApp deletes messages once received by the client. The police would need to look at to the sender or the receiver's phone because WhatsApp don't keep a message history.
I don't know how WhatsApp holds contact lists or logs IP addresses/geo-location so I didn't comment on that.
But in the US, the right to privacy (what VERY little we have here) generally terminates with death.
I suspect few dead people have ever complained about their information being released.
As for Farcebook being worried about someone's privacy -- PLEASE! What their motives are, I can't say, but I can't even BEGIN to believe they care about anyone's privacy as a right. There must be a hidden agenda here, possibly just control of their data. Or maybe they're working on a way to monetize data from the dead, although we don't see any sign of that right now (but wait a bit...).
But in the US, the right to privacy (what VERY little we have here) generally terminates with death.
I suspect few dead people have ever complained about their information being released.
OK, but data of this sort is rarely specific to only the account holder. A photo of a couple is still a photo of both of them, even if posted by just one of them. The survivor's right to privacy is still intact, but Facebook won't let them exercise that right. Arse holes.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
