05 Digital Personality

“Privacy” is the key issue of the digital world; not only because of the data protection hype concerning the Internet community Facebook. Privacy, however, is not an invention of the digital age, but was already regulated in the first Swiss Civil Code (CC) of 1907 in Art. 27 et seq., the protection of personality. According to Art. 31 of the Swiss Civil Code, the personality of a natural person begins with life after the completed birth and ends with death. Before birth, the child has legal capacity, subject to the proviso that it is born alive. A legal person acquires its personality through a legal act, in accordance with Art. 52 of the Swiss Civil Code through entry in the Commercial Register. Public corporations and institutions as well as associations that do not pursue economic objectives do not require registration.The existence of a legal person ends with its (voluntary or legally enforced) liquidation (Art. 57 ff. CC). According to Duden, identity is the “authenticity of a person” or a personality according to the Swiss Civil Code. One also speaks of authenticity. We will transfer these terms, which were already anchored in Swiss law at the beginning of the last century, into the digital world and consider how a personality in the legal sense arises in this world, what dangers it is exposed to there, how it is legally protected by them and what happens to the digital identity if the natural or legal person behind it dies or is liquidated.

From a legal point of view, a person can only have one identity. But even offline it is possible for a person to pretend to have different identities. This is much easier online. It is even the case that people acquire more digital identities that would never do so offline. This is usually about privacy. For example, people do not want providers or third parties to know that they are using a particular digital service.

Types of digital identities

So the question for lawyers is how to be sure online that the person they are dealing with is really the person they want to communicate with.

Swiss banks have had this problem since 1996, when they began offering their customers online services (see Furrer/Dietrich, HSLU – W, Geschichte des Online-Banking). The banks have solved this problem by means of a special agreement for online services or, today, e-banking. The customer is uniquely identified offline by the bank. They also receive a user name and password offline, usually combined with additional authentication by sending a code by SMS when registering or entering a graphic displayed online using a smartphone. Legally, this is a digital identity agreed and created with the specific business relationship, combined with a corresponding digital signature (user name, password, possibly additional code via smartphone). Most other identities used in e-commerce also belong to the same type of digital identity, e.g. for Facebook, Instagram, Amazon, Netflix, Tages-Anzeiger, LeShop.

A universal digital identity, on the other hand, is the qualified digital signature in accordance with the Federal Act on Electronic Signatures (ZertES; see 04 Contracts in digital projects, see also Info on OFCOM’s website).

Identity Sharing, Identity Theft

Although nobody talks about it, not even the providers concerned, it probably happens very often. Particularly within a family and among friends, the access data of Internet services and thus the corresponding digital identity are exchanged (known in the USA as “password sharing”). The question is whether this is permitted under civil law, but also under criminal law. This is determined by the corresponding terms of use. As a rule, these prohibit the transfer to unauthorized third parties. However, there are also licenses or subscriptions that permit use by several persons. Providers often solve the problem of multiple use technically, for example by restricting simultaneous use to a certain number of devices. A login with another device is therefore not technically possible. If the access data are passed on to unauthorised third parties, this is a breach of contract according to Art. 97 of the Swiss Code of Obligations (CO) and the provider can claim damages in the event of fault. In this case, the terms of use also regularly provide for the account to be blocked. Under criminal law, the unauthorised use of a digital service which is accessible to everyone for a fee is a so-called “obtaining by fraud of a service” according to Art. 150 of the Swiss Criminal Code (SCC) (BSK StGB, Weissenberger, Art. 150 StGB, N 41). The offence is on the same criminal level as fare evasion on public transport (which is regulated in the same article). Since the offerers fear probably a negative Publicity, they cut off in such a case surely the account, will probably however rather no announcement give. In any case, I am not aware of any such case in Switzerland. In addition, only the person who uses the foreign identity will be punished, but not the person who passed it on.

Legally far more problematic is the disclosure, theft (identity theft) and unauthorised use of login data for digital services and databases that are only available to a limited number of users. This generally applies to e-mail servers (in particular BGer 6B_615/2014, 6B_456/2007), but in my opinion also to social media platforms such as Facebook and Instagram, as well as to access to employer systems where employees can log on. If an intention to enrich exists, this behaviour is, in my opinion, punishable according to Art. 143 SCC, namely by office, to the detriment of relatives only on request. If there is no intention of enrichment, the offence can only be punished on application according to Art. 143bis SCC (also so-called hacker offence). In this context, the disclosure of login data may also be punishable by law.

Digital Death

Every day, thousands of users of digital services, including Facebook and Instagram, die. They continue to live digitally as long as their accounts are not deleted, i.e. their digital deaths also occur. Many people are unlikely to care what happens to their data in the various clouds and social media after their death. However, many people would like to decide. In addition, there are also relatives who are affected by the continued existence of corresponding social media accounts. The question is therefore what to do in these cases or how to take appropriate precautions and what the possibilities are for the relatives if the testator has not had anything to do with it.

The simplest would be if the testator were to order his heirs to have access to his digital data in digital clouds and services and to attach the corresponding access data to his order or otherwise deposit them in such a way that they are easily accessible by the heirs after his death. In this case, the heirs can simply dispose of the same data without contacting the corresponding providers, and in particular delete the corresponding accounts on their own initiative. In order for such an order to be valid, it should be publicly notarised in accordance with Art. 498 CC or written completely by hand. In addition, it could make sense to appoint a person (executor) who is familiar with the relevant media (including legal) for the handling of digital data, e.g. a lawyer specialising in digital law.

In the absence of a corresponding order with the corresponding access data, it is to be assumed that the digital estate is transferred to the legal heirs or appointed heirs within the scope of a general succession pursuant to Art. 560 CC. The heirs thus also have their own right to access this data. As long as the providers of cloud services and other digital services concerned are domiciled in Switzerland, it should be possible to enforce this right. However, it is problematic if the providers concerned, such as Microsoft, Apple, WhatsApp, Facebook and Instagram in particular, have their headquarters abroad, as is the case with most providers, e.g. in the USA, enforcement of the corresponding rights is more complicated. However, foreign jurisdictions agreed in accordance with the terms of use may not be valid if the testators are private individuals. According to Art. 15 of the Lugano Convention (Lugano Convention, applied in relations between Switzerland and the EU) and Art. 120 of the Private International Law Act (PILA; applied in relations between Switzerland and the “rest of the world”), consumers always have the right to the place of jurisdiction at their place of residence. Foreign providers could then also be sued there.

A compilation of the provider’s terms of use in the event of the death of Julia Hostettler users can be found at the following link: Hostettler, Terms of use of the providers in case of death of users, 2018.

A detailed description of the problem can be found in an article by Prof. Dr. oec. Hans Rainer Künzle, University of Zurich: Digitaler Nachlass nach schweizerischem Recht, successio 9, 2015, p. 39 ff..