Cyber Law Conference Budapest 30th November 2017 – Review

On 30th November 2017 the Infocommunication Law Department of Károli Gáspár University of the Reformed Church Faculty of Law organized a great conference on Budapest about the hot topics of cyber law. I had the opportunity to not just take part but make a lecture about the news of the codification about social media.

My lecture was about the challenges that the legislation have to face to when it starts to think about the legislation for social media. I took a look at the specialty of this new generation of media and showed the legal systems where we can find specific acts in connection with the topic of social media. In this part, I presented the legal system of the United States and the acts about the legal aspects of online data after death. I also spoke about the Netzwerkdurchsetzungsgesetz (see below) and how Germany step up against hate speech on Facebook, Twitter and co. At the end of my lecture I talked about the draft of the Hungarian data protection act, which contains provisions about the enforcement of personal rights after the affected persons death.

We can also hear great presentations in the first section about the role of algorithms in online content consumption, the information policy of states against social media, the connection between algorithms and competition law or the legal questions about the streaming of court hearings.

At the end of the first section, the audience had the opportunity to ask questions from the lecturers, so we started an exciting professional discussion about the lecture we have just heard.

The second section was about related legal issues, like the legal framework for intelligent networks and systems in energy, online systems for hearing or unfair online commercial practice.

I really enjoyed the whole programme, and hope for more professionally organized conference about these very current topics.

Federal Laws Part II. – The Stored Communication Act

The Electronic Communications Privacy Act (and its part, the Stored Communication Act) can also be the limit of access to the deceased’s online data for the personal representative. The Stored Communications Act specifically regulates that for the service providers it is forbidden to disclose any data in connection of the electronic communication they provide. The Act’s privacy protections have been a significant obstacle for fiduciaries and family members seeking access to the contents of a deceased individual’s online user accounts. However this prohibition can be broken in defined exceptional situations. Thus, the electronic communication provider is the recipient of such communication (for example, if you did not send that email), if the deceased gave his or her lawful consent for the person requesting access or for the law enforcement offices (if it is likely that the data contains information for a crime).

The full text of the Stored Communications Act available here.

In these exceptional cases, the provider is required to disclose the deceased’s online data. On this issue the law contains a provision that regulates voluntary data disclosure. However, this can only be done by “service providers” that are not provide public electronic communication services. For this a good practical example can be an employer who can consider whether to release for the relatives the dead employee’s professional letters, and the private letters he or she sent or received on the company e-mail.

The Stored Communication Data Act was interpreted in the very new case of Ajemian v. Yahoo by the the Supreme Judicial Court of Massachusetts. The briefs filed in this case by the parties are available here.

The Supreme Court concluded  that the personal representatives may provide lawful consent on the decedent’s behalf to the release of the contents of the email account.

This is a really significant action in the legal aspects of online data after death: the Supreme Court broadened the circle of people who can give lawful consent for the release of online data such as e-mail accounts.

Jim Lamm, the great expert of this topic dedicated a post to this subject on his blog, which you can reach here.

Effects of Netzwerkdurchsetzungsgesetz (German network enforcement law)

Facebook is opening its second center in Essen, Germany.

The center is going to investigate and delete the offending posts from the site. One of the reasons behind Facebook’s decision is a bill recently adopted by the German parliament (Bundestag), with the aim of repelling hateful posts and the fight off against breaking privacy rights by the government.

According to the new German law social media companies such as Facebook could face fines of €50.000.000 for failing to remove hate speech within 24 hours if the situation is easy to clarify. If the situation is difficult and requires detailed investigation, the service providers has one week to do it and the decide about the deletion.

The new bill is effective from 1st October 2017 but the authorities will have the right for fining from 2018. The new regulation is affective for every social media site, so besides Facebook Twitter and Youtube is also in the spectrum of the bill.

Facebook now employs 4500 people worldwide to remove legally objectionable content, but they would like to increase this number to 7500 in the future. From this autumn there will be 500 in Essen while in Berlin the number of staff has just been raised to 700 in the local center.

In the recent weeks we can hear pros and cons about the new law, which can definitely affect the freedom of speech but can also provide defense for sensitive layers of the society. I don’t think the German government would like to start the new year with a €50 million fine but it is obvious that the age we live in, the traditional legal instruments against hate speech are not effective enough.


Law & Innovation Conference Budapest 27th May 2017 – Review

On 27th May I had the opportunity to take part and make a presentation on an excellent conference in Budapest about law and innovation. Here is a brief review about the event.
18921932_1967724866700594_1550909429437089004_nThe Law and Innovation Conference was organized by ArsBoni, a community of young Hungarian lawyers and law students whose website ( is about making legal issues understandable for non-lawyer readers by great articles. The event took place in Impact Hub Budapest, a modernized workshop venue.

In the morning, sponsors and the representatives of ArsBoni made presentations in the topic of law and innovation (challenges of IT security, innovative products and services for lawyers or the impact of lawtech on the access to legal knowledge) and in the afternoon young jurists and PhD students were presenting about their topic in 3 sections: Law & Innovation, Internet & Law and Fintech.

We heard lectures about cybersecurity (which was such a popular topic), the legal issues of sharing economy and the impact of ‘uberization’ on labor law, e-governance, questions of copyright in the age of e-books and cloud computing or legal questions of bitcoin.

My presentation was about the legal classification of terms of use on social media, which will be an important topic in the future on this blog, too. There was also a presentation about the main topic of the blog so we had the opportunity to hear the news of legal aspects of online data after death.

The full program is available on this link (only in Hungarian).

All of the presentation was well build-up and the whole event had a great vibe. It’s always a joyful experience to be among young scientist who not just thinking about law as a discipline or a profession but looking for new ways of approach in the 21st century.

Thumbs up for the organizers, all the presenters and guests.

(Photo credit: ArsBoni Facebook page)

Federal Laws Part I. – Computer Fraud and Abuse Act (CFAA)

I haven’t posted on the blog for a long time, but there is a reason why. Lately I’ve been working on a study about the legal classification of the Terms of Service on social media sites. It has finally been published (yet only in Hungarian) and I had the opportunity to present my findings for the first time on a conference for PhD students. I will definitely share my thoughts about this topic on this site in the future, but now I would like to focus on the main subject of the blog, the legal aspects of online data after death. More precisely, on the effective federal laws in the United States, which refer to this issue.

Generally, we can declare there are three federal laws in the USA, which are connected to our topic in an outstanding degree:

  • Computer Fraud and Abuse Act (CFAA)
  • Electronic Communication Privacy Act (ECPA)
  • Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA)

RUFADAA is a federal law enacted by 24 member states at the moment, and it is a law regulating entirely the issue of how relatives (fiduciaries) can get access to the digital assets of their deceased loved one. I know that this is a key law of understanding the topic I am writing my posts about but as a good poker player I would like to delay my trump card for a later post. It is also important to get to know the other two federal laws.

This time I would like to introduce the importance of Computer Fraud and Abuse Act (CFAA).

The Computer Fraud and Abuse Act (CFAA) was enacted by Congress in 1986 as an amendment to existing computer fraud law, which had been included in the Comprehensive Crime Control Act of 1984. This law has been made to prevent attacks against „protected computers”. At the beginning, this definition was applicable only for computers used by the US Government and its authorities.  It is basically a criminal law, but from 1994 private individuals and companies have the opportunity to start a legal action against the violators of this law.

CFAA name 7 different types of action which can be criminalized by this law. One is really important from our aspect: not only the access of a computer without authorization is a crime, but the exceeding the authorization also. Why is it important for us?

Because service providers often refer to this part of the CFAA when they refuse the request of leftovers for access to the online data of their deceased relative.  They would commit a crime by exceeding the authorization they get from the deceased person for storing their data and give access to the relatives. Naturally, there is no chance to get authorization from the “owner” of these data, unless there are provisions in the will about this problem.

Next time, I am going to introduce the connection of Electronic Communication Privacy Act to the topic of online data after death. And I promise it won’t take 3 and a half months again.

Light a candle for the dead (with a click) –

Beyond the scope of our subject with legal nature, there are also other aspects of the relationship of grief and the world wide web. The post is about a special website for mourning relatives. is a website for making memorial pages for our loved ones who passed away. A relative and a friend can create this memorial page, and can send obituaries. On this page they can upload photos of the deceased or the story of his or her life, choose music which is played on the memorial page, light a „digital” candle and even spot on Google Maps where is the physical grave of the deceased.

The page is basically free and for 12€/ year there are premium options (like playing your favourite song on the page, or make a special QR code which brings the user for the page).

Hopefully it won’t become a tendency to move every emotional expression to the internet, but this page is undisputedly can be practical for relatives and friends who live on the other side of the world and can’t visit the grave personally. This page has a restrained and respectful approach to the very sensitive subject of grief, so I think it is a remarkable idea.

Born In The USA – Level Of Member States

The first legislature of the world which has found our issue to be something worth to take care of was the legal system of the USA. (Of course, I didn’t have a choice to check all the legal systems of the world, so I would receive happily any contradictions in the comments.) It is an interesting question why the USA was the first in this topic. Altought the answer is not as difficult as it seems: all the huge, multinational service providers (Facebook, Google, Yahoo, etc.) are established in America, and – maybe bacause of this fact – using the services of these companies is significantly common among the citizens of the USA.

connecticutAs far as I know, the first state of all was Connecticut in January, 2013 where written acts have been created about the problem of online data which belongs to people who have already passed away []. This act gave the power for the personal representative of the deceased person to access or copy the content of the person’s electronic mail account. The enactment of this act was a historical moment, it is clear.

rhode-islandThe second state was Rhode Island ], where an act have been enacted word-by-word the same as in Connecticut.



indianaThe third state was Indiana in the line []. This act was really similar to the one from Connecticut and Rhode Island, but used a better terminology by citing „electronically stored information and documents” instead of talking about only the e-mail account.


oklahomaThen came Oklahoma [] where they tried to find the golden mean between the too specific form used by Connecticut and Idaho and the too general used by Indiana. They put in the focus of their act the following group of data: e–mail account, social networking account, microblogging account, or short messaging service Web site.

idahoIn Idaho [] we can find the same rules which grant the right for the personal representative of a deceased person’s estate to take control of, conduct, continue, or terminate a deceased person’s e–mail account, social networking account, microblogging account, or short messaging service Web site.

nevadaState of Nevada’s attitude was more conservative []. They only gave the right only to terminate the deceased person’s accounts for the personal representative.



virginiaIn Virginia [ ], only the personal representative of the deceased minor (person under 21) got right to access the minors online accounts.



delawareFinally, Delaware enacted a much detailed law based on UFADAA. What is UFADAA? This will be the topic of a following post, so we should stop here.




If we would like to evaluate the initial acts enacted by these states, we can appreciate the efforts and the braveness of creating laws about the online data after death for the first time, but we have to state: these acts by themselves rule only a small part of the big issue, so they are not able to grant a satisfactory solution to the problem.


Is this a legal issue at all?

It is a fair question, but the answer is a big indisputable YES. The extremist views about the internet as a law-free zone are left behind for years, but the right answers from legislatures to the sensitive issues of the intemperate use of the web are yet to come.

If we focus on our main topic – legal aspects of online data after death – as far as we know there has been only one legal system until know, where the legislative power tried to find answers for these complicated legal and moral questions.

Of course, we can approach it from a theoretical aspect. If we think of the rules of privacy law, we can be lost easily, because the most of the national privacy laws consider personal data as information which can be connected to a natural person. That means after someones death, his or her online data ceases to be personal data and become… What? There is no answer in these laws for this question.

Only the „right of the dead” which is actually the subsistence of the deceased personal rights, and a legal tool for the relatives can help the mourning relatives to defend their lost loved one’s memory against offending comments and other immoral online actions, but it does not mean they have right to get access to the leftover online data, family pictures, unsent messages, etc. This is the Bermuda Triangle of this topic, where there are so less answers, and several uncleared issues.

As far as we know we can find related acts in the legal system of the United States. There are two levels of these acts: federal and on the level of member states. What is the content of these laws, and what is the relationship from the aspect of application? This is what my next post is going to be about.

“Let there be light”

This is the first post on this site, so I think it should be standout, especially interesting and high effective. I hope without any linguistic tricks or over usage of twisted legal cases, the subject of this site itself can grab your attention.

Have you ever been wondering what happens with someone’s Facebook profile, e-mail account or World of Warcraft character when he or she passes away? I don’t blame you, if the answer is no.

Although it is not a question of doubt that the Internet become a second level of our life in the last decades. We start our day with the news on our phone, on the way to work we check our Facebook profile, at work we send dozens of e-mails, and when we finally get home in the afternoon, play some online games to switch off our brain. Furthermore after a holiday or a great meal, we can’t wait to share the photos with our friends and followers. But what happens when we lose someone we love and with this person we lose the access with some valuable, emotionally relevant content (unsent last messages, online stored last selfies, etc.)?

Maybe we can answer this question from the view of the practical life, but it is such a complicated issue if we approach it from the aspect of law. Since 2013, I’ve been trying to collect all the knowledge we have about the legal and practical aspects of online data after death, and find the best solution between locking all these emotionally valuable data forever and opening Pandora’s box.

On this site, I will publish all the legal and practical solutions I found,especially in the American and Hungarian legal system and I encourage you, Dear Visitor to share your thoughts with us, or contact me to ask questions or start a conversation (see Contact below).

I hope with starting this blog, I can help this topic to get to more people and I also hope it will help me to get in touch with people who are also interested in this very current issue.