“Privacy” is the key issue of the digital world; not only because of the data protection hype concerning the Internet community Facebook. Privacy, however, is not an invention of the digital age, but was already regulated in the first Swiss Civil Code (CC) of 1907 in Art. 27 et seq., the protection of personality. According to Art. 31 of the Swiss Civil Code, the personality of a natural person begins with life after the completed birth and ends with death. Before birth, the child has legal capacity, subject to the proviso that it is born alive. A legal person acquires its personality through a legal act, in accordance with Art. 52 of the Swiss Civil Code through entry in the Commercial Register. Public corporations and institutions as well as associations that do not pursue economic objectives do not require registration.The existence of a legal person ends with its (voluntary or legally enforced) liquidation (Art. 57 ff. CC). According to Duden, identity is the “authenticity of a person” or a personality according to the Swiss Civil Code. One also speaks of authenticity. We will transfer these terms, which were already anchored in Swiss law at the beginning of the last century, into the digital world and consider how a personality in the legal sense arises in this world, what dangers it is exposed to there, how it is legally protected by them and what happens to the digital identity if the natural or legal person behind it dies or is liquidated.
From a legal point of view, a person can only have one identity. But even offline it is possible for a person to pretend to have different identities. This is much easier online. It is even the case that people acquire more digital identities that would never do so offline. This is usually about privacy. For example, people do not want providers or third parties to know that they are using a particular digital service.
Types of digital identities
So the question for lawyers is how to be sure online that the person they are dealing with is really the person they want to communicate with.
Swiss banks have had this problem since 1996, when they began offering their customers online services (see Furrer/Dietrich, HSLU – W, Geschichte des Online-Banking). The banks have solved this problem by means of a special agreement for online services or, today, e-banking. The customer is uniquely identified offline by the bank. They also receive a user name and password offline, usually combined with additional authentication by sending a code by SMS when registering or entering a graphic displayed online using a smartphone. Legally, this is a digital identity agreed and created with the specific business relationship, combined with a corresponding digital signature (user name, password, possibly additional code via smartphone). Most other identities used in e-commerce also belong to the same type of digital identity, e.g. for Facebook, Instagram, Amazon, Netflix, Tages-Anzeiger, LeShop.
A universal digital identity, on the other hand, is the qualified digital signature in accordance with the Federal Act on Electronic Signatures (ZertES; see 04 Contracts in digital projects, see also Info on OFCOM’s website).
Identity Sharing, Identity Theft
Legally far more problematic is the disclosure, theft (identity theft) and unauthorised use of login data for digital services and databases that are only available to a limited number of users. This generally applies to e-mail servers (in particular BGer 6B_615/2014, 6B_456/2007), but in my opinion also to social media platforms such as Facebook and Instagram, as well as to access to employer systems where employees can log on. If an intention to enrich exists, this behaviour is, in my opinion, punishable according to Art. 143 SCC, namely by office, to the detriment of relatives only on request. If there is no intention of enrichment, the offence can only be punished on application according to Art. 143bis SCC (also so-called hacker offence). In this context, the disclosure of login data may also be punishable by law.
Every day, thousands of users of digital services, including Facebook and Instagram, die. They continue to live digitally as long as their accounts are not deleted, i.e. their digital deaths also occur. Many people are unlikely to care what happens to their data in the various clouds and social media after their death. However, many people would like to decide. In addition, there are also relatives who are affected by the continued existence of corresponding social media accounts. The question is therefore what to do in these cases or how to take appropriate precautions and what the possibilities are for the relatives if the testator has not had anything to do with it.
The simplest would be if the testator were to order his heirs to have access to his digital data in digital clouds and services and to attach the corresponding access data to his order or otherwise deposit them in such a way that they are easily accessible by the heirs after his death. In this case, the heirs can simply dispose of the same data without contacting the corresponding providers, and in particular delete the corresponding accounts on their own initiative. In order for such an order to be valid, it should be publicly notarised in accordance with Art. 498 CC or written completely by hand. In addition, it could make sense to appoint a person (executor) who is familiar with the relevant media (including legal) for the handling of digital data, e.g. a lawyer specialising in digital law.
A detailed description of the problem can be found in an article by Prof. Dr. oec. Hans Rainer Künzle, University of Zurich: Digitaler Nachlass nach schweizerischem Recht, successio 9, 2015, p. 39 ff..