3 September 2024

Personal information, death and the rise of ghostbots

Georgia Brinkworth
Consultant
Piotr Debowski
Manager
Laura McVey
Manager

elevenM’s Georgia Brinkworth, Piotr Debowski and Laura McVey discuss the need for privacy law reform to protect the personal information of people after death and address the risks of commodifying grief.

Under the Privacy Act 1988 in its current form, information about deceased individuals is not considered to be personal information, meaning that the privacy protections set out in the Act don’t extend to the deceased. This is consistent with the general principle under common law that the dead cannot bring an action to protect their reputation.

However, with an ever-changing digital landscape and a rise in the use of AI, people are living on in digital form after death. With ongoing advancements in technology, it is time to stop and ask: should we be considering a right to be left dead?

Post-mortem privacy rights in Australia and around the globe

The general approach in Australian jurisdictions is that privacy protections only apply to a ‘natural person’ meaning a living human being. However, there are exceptions applying to the protection of health information of a deceased individual, with varying time limits in each State, from 5 to 30 years, with the ACT as an outlier at no time restrictions at all. The reason for the existence of such exceptions has primarily been due to recognition that health information can be used to infer information about living relatives and cause harm to them.

Across the globe, many privacy and data protection regulations also only impose obligations for and afford rights to, living persons’ personal information. This includes jurisdictions like the European Union, United Kingdom, United States, Singapore, and South Korea.

This has arisen because of the legal conception of privacy and characterisation of personal information. Traditionally, privacy has been viewed as a private right enforced through human rights legislation or torts. In common law systems, this is problematic because of the legal principle action personalis moritur cum persona. That is, personal causes of action die with the person. Further, torts have largely required the individual to show that they have experienced harm to receive a remedy. While deceased persons are not able to feel embarrassment, shame, or be the subject of a physical injury, they can still suffer harm, such as damage to their reputation or image — but this is much harder to prove.

With the proliferation of technology, these conceptions are changing. Some jurisdictions, like Bulgaria, have expressly extended their privacy regulations to deceased persons, with their heirs being able to exercise some privacy rights on their behalf.

Likewise, although still at largely a theoretically level, there is a growing movement to characterise personal information as property and enforce it as a proprietary right. This approach is said to address the main deficiency outlined above as, unlike private rights which die with a person, proprietary rights continue to exist even after the property is destroyed and can be transferred or enforced by others, like heirs or executors of a deceased’s estate.

Tombstone theft

Our interactions with the online world are known as a digital legacy or footprint and can be broken into two categories:

  1. digital assets (such as purchases, subscriptions, account usernames and passwords)
  2. digital presence (such as social media profiles, emails, messages).

Technology impacts almost every aspect of our everyday lives, and increasingly after death.

‘Ghosting’ or ‘tombstone theft’ refers to the theft of a deceased individual’s identity, and while it is not a new practice, the technological application of it is a rising concern. There is growing evidence that scammers are using digital legacies to commit fraud and identity theft offences. Despite a general under-reporting of identity crimes in Australia among the living, the numbers still account for higher levels of crime than reports of robbery, household break-ins or motor vehicle theft. The levels of tombstone theft are even harder to detect, where there is no one alive to notice and report the activity, making the deceased the ideal targets.

The eSafety Commissioner has a dedicated information page to help individuals plan ahead and there is increasing legal interest in digital estate planning. The rise of ghosting also carries implications for businesses, making effective access controls and management are more important than ever, particularly within organisations that have a large workforce. There is also a compelling case for the use of services such as the Australian Death Check and the Commonwealth Document Verification System to verify an individual’s identity prior to engaging with them.

Ghostbots

AI developments have tapped into people’s reluctance to let go of deceased loved ones, with the rise of websites and app developments referred to as Deathbots, Thanabots, Griefbots or Ghostbots. These platforms can enable text-based or phone call conversations with anyone, including a deceased individual. Depending on the website or app, this representation of a deceased individual could be generated through photos, lines of text, emails, text messages and videos. Individuals who have died can be resurrected for their loved ones to communicate with. However, many argue that this could be harmful for both the deceased and the living.

From the deceased perspective, being turned into a ghostbot or deathbot could impact on their dignity, or, if the AI has been trained on their content, draw inferences that enables the bot to reveal personal things about them that they didn’t necessarily want a loved one to know or have them say something that they never would if they were still living.

It may not be in the best interest of a living person to interact with a ghostbot while they are grieving. Research suggests that ghostbots have the ability to create harmful emotional dependence for individuals. There is also a risk that the ghostbot may say something harmful to an individual, give bad advice or misinformation.

For all parties involved, it is important to remember that these technology products are being created by an industry looking to make a profit and monetise both the after-life and people’s grief and dependence. In the academic study Griefbots. A New Way of Communicating With The Dead?, Jimenez-Alonso & Bresco de Luna state that afterlife companies may implement a range of strategies to ensure the bereaved stay using the service by sending unsolicited messages or notifications from their deceased loved one. This commodifies the intimate bond individuals have with loved ones and has the ability to reshape the relationships individuals have with the deceased.

The right to be left dead

As these technologies are still in early stages, there are a lot of unknowns and many more discussions to be had. But we need to ensure that these discussions are had with the deceased individual in mind, not the profit margins businesses are looking to make from grief and people’s desire for connection. And one of the key tools that we need to ensure that happens is changes to privacy legislation around the globe. The right to be left dead needs to be considered, for the benefit of both the living and the dead.

Contact us

If you’re interested in learning more about privacy and privacy law reform, please contact us.