Privacy after death: Time for a re-think?

In Australia, privacy protections don’t apply once you’re dead.

What do Kylie Minogue, John Lennon, Madge Simpson, Madonna Ciccone and Britney Spears have in common?

Trick question?

Artificial intelligence has been popping up in some strange contexts lately. Madge Simpson has been revamped into a “real-life human” as the Simpson Family television series gets a (what must surely be a nearly end of life) revamp and makeover. John Lennon is singing a new Beatles song that’s about to be released, even though he’s been dead for more than 40 years and you can listen to Madonna and Britney Spears performing Kylie Minogue’s latest earworm, the unexpectedly successful Padam Padam, even though they’ve both had nothing to do with it, but instead, what you’re hearing are voices created using artificial intelligence’s voice cloning.

It makes you wonder whether or not you could feed enough of the published works of Karl Marx into an AI bot to allow him to express an opinion on the Reserve Bank of Australia’s interest rate rises.

The point is, if AI means we can still be singing songs, voicing opinions or appearing in television shows well after we’ve died (either as a human or a cartoon character), surely we are now finally entitled to more fulsome rights in death than the law currently allows? And this is even before you factor in the post-mortem lives that many of us now seem to live on social media, memorialised or otherwise.

Privacy rights don’t apply after death

As matters stand with most privacy laws, you have no privacy rights once you’ve died[1]. According to Paul Roth, a New Zealand commentator, “This is presumably on the basis that the raison d’être for privacy protection no longer exists, since dead people can feel no shame or humiliation. The underlying common law principle here is much the same as in the law of defamation, which in most jurisdictions does not countenance civil actions that seek to vindicate the reputation of the dead”. [2]

Does this still remain relevant in a context where a person’s public and even creative or dialectic existence might continue indefinitely? In the case of the very famous and/or talented, AI technologies mean that a post-mortem existence might have very significant commercial value too. And, in the days of big data, don’t the modern consequences of an invasion of privacy extend well beyond concerns about shame, humiliation or the trauma of being aggrieved?  When my personal information disappeared off goodness knows where during the Optus data breach, my main concerns were about financial fraud and identity theft, and I’m quite confident that the perpetrators didn’t pinch my data in order to make me blush.

Extension after death

The Australian Law Reform Commission considered these issues back in 2008 in For Your Information: Australian Privacy Law and Practice (ALRC Report 108)[3].

Noting the ethical coupling of privacy with defamation, the ALRC considered the privacy protections afforded by the Privacy Act 1998 (Cth) as actually being more akin to duties of confidentiality (which do survive death) and recommended the development of a series of provisions in the Privacy Act 1998 (Cth) relating specifically to the personal information of the dead.

The reasons for that recommendation were cited as being “to ensure that living individuals are confident to provide personal information, including sensitive information, in the knowledge that the information will not be disclosed in inappropriate circumstances after they die. The provisions are also intended to protect living relatives and others from distress caused by the inappropriate handling of a deceased individual’s personal information and to provide a right of access to that information for family members and others where such access is reasonable”.[4]

Time for a re-think?

Perhaps it’s time to revisit the ALRC’s recommendations. The financial fraud and identity theft consequences of the big data breaches of 2022 make the coupling of privacy rights to emotions like shame or humiliation, feelings that cease at death, look rather naïve. And the modern digital paradigm means that we’re living longer now, even though we’re dead. Some of us might even still be in the workforce, even though we’re dead!

[1] Although some State and Territory laws do recognise the privacy rights of the deceased, particularly in relation to their health records.

[2] P Roth, ‘Privacy Proceedings and the Dead’ (2004) 11 Privacy Law & Policy Reporter 50

[3] https://www.alrc.gov.au/publication/for-your-information-australian-privacy-law-and-practice-alrc-report-108/8-privacy-of-deceased-individuals/introduction-117/

[4] At paragraph 8.3 of the report.

Ian Commins

Privacy, software design and technology. Ian is a privacy, IT and software contracts lawyer with over 30 years of experience as a lawyer and over 20 years of experience advising on the legal aspects of data management and processing.