Previously, I’ve written about courts ordering spouses to reveal their Facebook passwords in the course of a divorce proceeding. In the past few weeks, there have been several stories about employers asking a job applicant to reveal the applicant’s Facebook username and password and schools asking a student to reveal the student’s Facebook username and password. See articles here, here, here, here, and here for a sampling of articles. The ACLU quickly condemned this practice as an invasion of privacy and has encouraged legislation to protect users’ privacy.
Facebook’s Chief Privacy Officer, Erin Egan, posted on March 23, 2012, that demanding access to a Facebook user’s profile and private information “undermines the privacy expectations and the security of both the user and the user’s friends.” She states, “That’s why we made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.” She also states, “Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action.”
In a previous post about Planning Ahead for Access to Contents of a Decedent’s Online Accounts, I cautioned against having a family member or fiduciary use the password of an incapacitated or deceased user to gain full access to that user’s online accounts (“the account itself”) because it may not be permitted under the Web service’s Terms of Service contract, and it might even be construed as “unauthorized access” under a state or federal criminal law. According to the statement quoted above by Facebook’s Chief Privacy Officer, in addition to state or federal criminal laws, Facebook may initiate legal action (presumably a civil law suit against the person exceeding access to the Facebook account) where appropriate to protect the privacy and security of users.
It’s essential to plan ahead with a list of passwords so that, during a period of incapacity or after your death, your fiduciaries and family members have full access to your smartphones, tablet devices, computers, and encrypted data storage. But, your fiduciaries and family members must think carefully about the potential for criminal penalties or civil lawsuits if they try to use your list of passwords to get full access to any of your online accounts (“the account itself”). As I’ve discussed before, the safer course of action for now it so have the duly–appointed fiduciary for an incapacitated or deceased person request a copy of “the contents” of the online account from the online service provider, and that should not be construed as “unauthorized access.”