Standardize language

Add original FORUM-29302 submission to Git
2025-09-06 10:08:52 +00:00 · 2025-09-04 18:13:14 -05:00 · 2025-09-04 18:07:28 -05:00
1 changed files with 61 additions and 0 deletions
--- a/blog/posts/the-fight-for-privacy-after-death.md
+++ b/blog/posts/the-fight-for-privacy-after-death.md
@@ -0,0 +1,61 @@
 ---
 date:
  created: 2025-09-04T20:00:00Z
 categories:
  - Opinion
 authors:
  - aprilfools
 description: In 2020, London police failed to save two sisters in life, then violated their privacy in death. This is a call to arms for posthumous privacy rights.
 schema_type: OpinionNewsArticle
 ---
 # Ghosts in the Machine: The Fight for Privacy After Death
 In the early hours of 6 June 2020, Nicole Smallman and her sister Bibaa had just finished celebrating Bibaa’s birthday with friends in a park in London. Alone and in the dark, they were [fatally and repeatedly stabbed](https://en.wikipedia.org/wiki/Murders_of_Bibaa_Henry_and_Nicole_Smallman) 36 times.
 But the police didn’t just fail them in life – they failed them in death too. PC Deniz Jaffer and PC Jamie Lewis, both of the Metropolitan Police, [took selfies](https://www.theguardian.com/uk-news/2021/dec/06/two-met-police-officers-jailed-photos-murdered-sisters-deniz-jaffer-jamie-lewis-nicole-smallman-bibaa-henry) with the dead bodies of the victims, posting them on a WhatsApp group. And no privacy laws prevented them from doing so.
 This horrific case is just one in the murky, often sinister realm of posthumous privacy. In the UK, Europe, and across the world, privacy protections for the dead are at best a rarity – and at worst, a deep moral and societal failing that we cannot and must not accept.
 Let’s take a step back. The case of the Smallmans starkly draws attention to the denial in death of guarantees to the living. Reading this blog, you are no doubt aware that the UK and Europe have firm privacy protections in *The General Data Protection Regulation* (GDPR) and Article 8 of the *European Convention on Human Rights* (ECHR). But the picture elsewhere is less clear, with a challenging patchwork of laws and regional statutes the only protection for those in the US and much of the rest of the world. And once you die? Almost universally, these protections [immediately cease](https://gdpr-info.eu/recitals/no-27/).
 Here the problem begins. This abrupt collapse in privacy rights leaves the deceased and their families, like the Smallman family, newly vulnerable – and at a time when they are already utterly broken.
 In the absence of law comes the pursuit of it, against a backdrop of flagrant privacy violations. What this pursuit means, in practical terms, is that two primary categories of posthumous privacy dominate legal debate: the medical, where the law has intervened tentatively, and the digital, where it simply hasn’t kept up.
 Medical protections are tentative because of piecemeal development. Typically involving legal workarounds, they offer rare precedent for what might happen to your digital ghosts now and in the future, with the only clear trend being a reluctance to protect.
 That said, the US is one country that has taken measures to protect the medical privacy of the dead. The *Health Insurance Portability and Accountability Act* (HIPAA) dictates that 50 years of protection must be given to your personally identifiable medical information after you die. Except there’s a catch. State laws also apply, and state laws differ. In Colorado, Louisiana, and many others, its efficacy is severely challenged by laws dictating the mandatory release of information regarded as public – including autopsy reports and even [your genetic information](http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124).
 In lieu of any protections, surviving relatives in Europe have found some success claiming that their own Article 8 rights – that ECHR right to privacy – have been violated through disclosures or inspections related to their deceased.
 In one case, Leyla Polat, an Austrian national, suffered the awful death of her son just two days after birth following a cerebral hemorrhage. The family refused a post-mortem examination, wanting to bury their child in accordance with Muslim beliefs; but doctors insisted it take place, covertly removing his internal organs and filling the hollows with cotton wool. When this was discovered during the funeral rites, the boy had to be buried elsewhere, and without ceremony. After several court cases and appeals, The European Court of Human Rights [found](https://hudoc.echr.coe.int/rum#%7B%22itemid%22:%5B%22002-13361%22%5D%7D) that Leyla’s Article 8 and 9 rights had been violated.
 As an aside – Stalin’s grandson [tried the same Article 8 route](https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-150568%22%5D%7D) in relation to reputational attacks on his grandfather, reflecting attempts to apply the workaround more widely.
 It’s not that there hasn’t been some progress. The fundamental problem is that protections – already sparse – are only as good as their material and geographic scopes, their interactions with other laws, and how they are interpreted in a court. Nowhere is this more apparent than in the case of the Smallman sisters. Judge Mark Lucraft KC [found](https://www.judiciary.uk/wp-content/uploads/2022/07/R-v-Jaffer-Lewis-sentencing-061221.pdf) that PCs Jaffer and Lewis, in taking selfies with the murdered victims, had:
 > *“…wholly disregarded the privacy of the two victims of horrific violence and their families for what can only have been some cheap thrill, kudos, a kick or some form of bragging right by taking images and then passing them to others.”*
 Yet this acknowledgement of privacy violation is precisely just that. The crime the officers committed was misconduct in public office; they were not convicted on the basis of privacy law. That sense of progress – that we might be beginning to recognize the importance of posthumous privacy – has all but gone out of the window.
 That does not leave your digital privacy in a good place. Whatever little protection you may be able to tease out for our medical privacy far, far exceeds the control you have over your virtual ghosts. And with AI just about everywhere, the prospects for your data after death are terrifying.
 We’ve already established that data protections for the living – such as GDPR – expire at death. The simple reality is that dying places your data at the mercy of large technology corporations - and their dubious afterlife tools.
 Even if you trust such tools to dispose of or act on our data, there is a disconnect between demand and take-up. A [study of UK nationals](https://www.tandfonline.com/doi/full/10.1080/13600869.2025.2506164#abstract) found a majority that wanted their data deleted at death were unaware of the tools, with large tech companies unwilling to share any details on their uptake. Reassuring stuff.
 But the reality is, you shouldn’t. You’ll recall that [deletion doesn’t usually mean deletion](https://www.privacyguides.org/en/basics/account-deletion/) – and after death, even GDPR can’t force big tech to delete the data of those lucky enough to have benefited from it. Account deleted or not, our ghosts will all be stuck in the machine.
 Recent reports have acknowledged dire possibilities. Almost worldwide, you can [legally train AI models on the data of a deceased person](https://www.reuters.com/article/world/data-of-the-dead-virtual-immortality-exposes-holes-in-privacy-laws-idUSKBN21Z0NE/) and recreate them in digital form – all without their prior consent. Organizations exist purely to scour your social media profiles and activity for this exact purpose. Your ghost could be used to generate engagement against your will, disclosing what you tried to hide.
 You may ask: why should the law care? Why indeed, when it deems we [cannot be harmed](https://doi.org/10.1093/acprof:oso/9780199607860.003.0003) after death. To argue thus is to miss the point. A lack of privacy after death harms the living, often in ways others cannot see. The effect of [post-mortem anxiety](https://www.tandfonline.com/doi/full/10.1080/17577632.2024.2438395#d1e120) is a real one that deeply troubles individuals wishing to keep a part of them hidden from public – or even family – view, whether it be it an [illicit affair](https://www.cardozoaelj.com/wp-content/uploads/2011/02/Edwards-Galleyed-FINAL.pdf) or whatever else. Revelation at the point of death can be just as harmful to those still alive.
 There is cause for optimism. Article 85 of the *French Data Protection Act* allows you to include [legally enforceable demands concerning your personal data](https://www.cnil.fr/fr/la-loi-informatique-et-libertes#article85) in your will. This is truly a landmark piece of legislation by the French that indicates what the global direction of travel should be, and what we should ultimately demand: protections for the dead, by the dead.
 But even more urgently, we must demand that governments across the world introduce even the most basic legal framework for post-mortem privacy that protects you, your family, and community from egregious harm.
 The Smallmans deserved dignity – and so does everyone else in death. The law must catch up.
 ---
 *This article hasn’t even begun to scratch the surface of the complexity of post-mortem privacy, and there are innumerable relevant cases and laws that simply wouldn’t fit. If the topic has caught your interest, and you’d like to dig in more, [this white paper](https://doi.org/10.1016/j.clsr.2022.105737) by Uta Kohl is a good starting point.*
Author	SHA1	Message	Date
Jonah Aragon	6e7ea3cb52	Standardize language	2025-09-04 18:13:14 -05:00
Jonah Aragon	a84f16fdc4	Add original FORUM-29302 submission to Git	2025-09-04 18:07:28 -05:00