Humans, when they are alive, have several rights within the confines of the privacy of their data housed and accumulated by data holders/providers. This body of data privacy rights include rights such as protection against indiscriminate disclosure, right to withdraw consent, right to a copy of their data, amongst others. The question is: what is the status and applicability of data privacy to a deceased persons’ right? Does the same data privacy and protection law or regulations still apply to these inanimate entities?
Generally, data privacy rights are considered as a part of personal rights which is indicative of the latter’s sole application to the living and not the dead. The only exception to this is perhaps property rights when we talk of wills, inheritance, and the likes.
But it appears that the American HIPAA, the United States’ federal kingpin on health privacy regulations, recognizes the privacy of patients’ health. It provides that deceased health data must be protected just as it would have been if the individual was still alive, and such protection has to be in place for up to 50 years after the death. The Law even goes as far as prohibiting the release of the data to family members – with exceptional circumstances.
Outside health data privacy, the industry standard for the tech and Innovation industry has always been to the effect that terms-of-service agreements between data owners and data providers provide for the immediate, permanent deletion of data of deceased persons.
In the final analysis, you really have nothing to worry about regarding your data on your demise. Your data provider would deal with it in all fairness and on all fours with any prior agreed way.