In 2014, the Uniform Law Commission drafted UFADAA - the Uniform Fiduciary Access to Digital Assets Act. UFADAA’s goal was to aid fiduciaries in the inventory, reporting, and distribution of digital assets. However, only the state of Delaware enacted a version of the statute before, in 2015, the ULC proposed a revised version of the statute, RUFADAA (Revised UFADAA.) In this post we will review both statutes, what permissions they proposed for fiduciaries, and what factors pushed the revision of UFADAA.
The Uniform Fiduciary Access to Digital Assets Act (UFADAA), introduced in 2014 by the Uniform Law Commission (ULC), was a significant attempt to address the complex issue of digital asset management after a person's death or incapacitation. However, only the state of Delaware enacted a version of the statute. UFADAA encountered so much resistance and criticism that only a year later in 2015 the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) was adopted instead. This blog post delves into the reasons behind this revision.
Understanding UFADAA’s Intentions and Challenges
UFADAA aimed to grant fiduciaries of all kinds broad powers to access, control, or manage digital assets. Digital assets refers to everything digitally accessible. Think emails, social media accounts, online financial records, and the like. UFADAA granted default access to digital assets by fiduciaries. This could only be reversed if a decedent explicitly opted out of UFADAA while still alive. Conservators were an exception: they required court orders or express permission to get access to data and assets. However, UFADAA faced significant challenges:
Privacy Concerns: One of the primary concerns was the potential invasion of privacy. For example, UFADAA granted fiduciaries access to the content of electronic communications, such as emails, without requiring the consent of the account holder or any court order. This broad access raised concerns among service providers and privacy advocates. Digital data accumulates quickly and something like an email account fulfills such a wide array of functions that granting a fiduciary sweeping access to all its contents is irresponsible at best.
Resistance from Tech Companies: Major technology companies and service providers raised objections to the original UFADAA. These companies, which manage a significant amount of digital assets and user data, were concerned about the implications of granting fiduciaries broad access to a user’s digital assets. They argued that this conflicted with their terms of service agreements and federal privacy laws, such as the Electronic Communications Privacy Act (ECPA), which prohibits providers from disclosing content without user consent.
Legal and Regulatory Concerns: UFADAA also faced legal challenges related to its alignment with other existing laws. The concerns were primarily about how it interacts with ECPA and the Computer Fraud and Abuse Act (CFAA), both of which were defended by privacy advocacy groups. Both ECPA and CFAA impose restrictions on unauthorized access to digital accounts, creating a conflict with UFADAA's broad grant of authority.
RUFADAA: Balancing Access and Privacy
Recognizing these challenges, the Uniform Law Commission revised UFADAA, leading to the creation of RUFADAA. RUFADAA sought to balance the needs of fiduciaries with privacy and service providers concerns. Key revisions in RUFADAA include:
Tiered Access Approach: RUFADAA established a tiered approach to access. It prioritizes the deceased's expressed wishes, as stated in their will, trust, power of attorney, or other records. If the user hasn't provided explicit directions, the terms of service of the digital service provider apply. Only in the absence of both does RUFADAA's default rules apply.
Limited Access to Content: RUFADAA restricts fiduciaries' access to the content of electronic communications unless explicitly authorized by the user or court. This means a fiduciary can see the sender, receiver, and timestamp of an electronic communications by default, but not its contents. This change significantly addressed privacy concerns.
Compliance with Federal Laws: RUFADAA was carefully drafted to align with existing federal laws like the ECPA and CFAA, ensuring that fiduciaries' actions under the statute would not inadvertently violate federal law.
The revision from UFADAA to RUFADAA reflects a step towards understanding the nuances of dealing with digital assets. While the topic continues to evolve, RUFADAA has been adopted by 46 states so far, a marked improvement from UFADAA. Delaware continues to use its version of UFADAA, while Louisiana, Massachusetts, and Oklahoma have yet to enact either statute. As digital generations begin their end of life planning, unexpected issues will continue to arise. However, RUFADAA has been a good initial measure to get ahead of this problem and hopefully avoid fiduciaries and beneficiaries significant headache in retrieving and distributing digital assets.
If you’d like to learn more about the limitations posed by RUFADAA, you can check out our earlier blog post: RUFADAA’s Blindsposts.
Keep up to date on all announcements from Bequest.