Robert Gellman


Robert Gellman is a privacy and information policy consultant in Washington, D.C., specializing in health confidentiality policy, privacy and data protection, and Internet privacy. A graduate of the Yale Law School, Gellman served for 17 years as chief counsel to the Subcommittee on Government Information in the House of Representatives. Gellman served as a member of the Department of Health and Human Service's National Committee on Vital and Health Statistics from 1996-2000. He maintains a website at


Death and Privacy Part III

by Bob Gellman February 5th, 2014 12:46 pm

Death and Privacy:  Part III

By Bob Gellman

In 2013, I posted two short articles discussing whether and how privacy rights continue after the death of a data subject. The focus was on US law. I thought that it would be worthwhile to offer some additional information and resources to anyone who has an interest in the topic.

I attended the 2014 Computers, Privacy & Data Protection Conference in Brussels, Belgium, in January 2014, where there was a panel on Post-Mortem Privacy: Exploring Deceased’s Privacy in a Digital World. The Centre for Creativity, Regulation, Enterprise & Technology (CREATe) organized the panel.

Some post-mortem privacy issues, such as what happens to a Facebook page when the owner dies, have been the subject of attention and litigation in the US, but explorations of the general topic in Europe have gone further. Whether dead individuals have rights under the EU Data Protection Directive is not as clear as it might be, and the law in EU Member States varies somewhat. The materials below explore this and other related topics.

First, here are the particulars about the panel:

Chair Michael Birnhack, Tel Aviv University (IL)

Moderator Irina Baraliuc, Vrije Universiteit Brussel (BE)

Panel:  Damien McCallig, Galway University (IE); Elaine Kasket, British Psychological Society (UK); Jan Bikker, University of Dundee (UK); Wendy Moncur, University of Dundee (UK); Edina Harbinja, University of Strathclyde (UK).

 This panel explores the issues surrounding post mortem privacy (PMP): privacy of the deceased in the digital realm. This concept has only recently become a subject of concern in various disciplines, including law, sociology, psychology, computer sciences, anthropology, and forensics. The panel aims to tackle and explain how the competing privacy interests of the deceased, bereaved family, heirs and society should be dealt with following death. It will assess and question the value and importance of the various aspects of privacy in digital remains from personal interest and public interest perspectives. Panelists, drawn from a diverse range of disciplines and interests, will explore the challenges posed to the values and aspects of privacy by our interactions with digital technology and post-death phenomena, specifically digital legacy, inheritance, identity, property, mourning and the repurposing or further uses of digital remains.

This interdisciplinary panel envisages tackling the following PMP-related challenges:

● The bequest, inheritance and repurposing of personal data (such as emails, photos and social network site interactions) in the context of the death of technology users;

● Technologically-mediated mourning and memorialisation and posthumously maintained bonds with the dead;

● Comparative legal issues related to the phenomenon of PMP (personality, data protection, copyright);

● PMP themes relating to the interests of victims experienced in global disasters, whether survivors, the deceased or next-of-kin.

 Second, I looked at some of the materials that the panel members made available, and here are a few links that may be of interest. This is not a comprehensive list of materials, but it will give interested parties a start.

An issue of Scripted (2013) has several articles about post-mortem privacy by people from the CPDP panel. I won’t list the details here. Click on the link above for abstract and copies.

Dealing with digital death Posted on Monday, October 14th, 2013 at 4:30 am By Damien McCallig

Through the use of email, social media, and other online accounts, our lives and social interactions are increasingly mediated by digital service providers. As the volume of these interactions increases and displaces traditional forms of communication and commerce the question of what happens to those accounts, following the death of the user, takes on greater significance.

Should the relatives or heirs of a deceased Facebook user have the ‘right’ to access, take control of, or even delete the account? Some of you reading this will recoil in dread at such a thought, quickly remembering all of those digital indiscretions and private messages you would prefer to assign to oblivion but never got around to deleting. Other readers may remember a friend, no longer alive today, and will possibly turn to social media later to seek out a picture and recall a shared memory.


The Law of Digital Remains. Reconciling the dignity and interests of the deceased with those of the living. Damien McCallig, School of Law, National University of Ireland Galway.

Dealing with the aftermath of someone’s death is always a difficult and sensitive issue. In recognition of this, society has developed various rites, rituals and norms to aid the family and loved ones to deal with the physical remains and redistribute the possessions of the deceased. This involves balancing an innate desire to respect the dignity of the deceased with the needs and interests of the surviving family and wider community.

In the pre-digital age laws adequately reflected these rites and norms. For example, personal mementos, photographs, letters, scrapbooks and meaningful tokens that hold sentimental value pass by default along with the physical property they are bound up in. Succession law reflects these norms, with personal property passing by will or the rules of intestacy. The unauthorised interference by unconnected third parties with a deceased’s personal items was generally precluded as they were bound up in property that would remain within the home or in the possession of friends or family. The digital universe has changed this.


Online life after death faces legal uncertainty. Different jurisdictions set different rules for what should happen to online personal data after death

By Loek Essers, IDG News Service 

October 08, 2012, 10:24 AM — When people die in the real world, their online alter egos may live on, creating an unusual situation for those who only knew them through their online presence. The law is only beginning to address this limbo state, and fragmented privacy legislation provides no conclusive answer to the question of who should be allowed to access or delete someone's social networking profile or email correspondence after they die, a panel discussion at the Amsterdam Privacy Conference concluded.

When a Facebook user dies and Facebook is informed of the death, the company "memorializes" the profile, hiding features such as status updates, and allowing only confirmed friends to view the timeline and post on the profile. Maintaining access to such a profile helps in the mourning process, said psychologist Elaine Kasket, who presented a paper on life after death on Facebook at the conference on Monday. "Visible conversation with a person who died and about person who died is important in the grief process," she said.


From death to final disposition: roles of technology in the post-mortem interval 

By Wendy Moncur, Jan Bikker, Elaine Kasket, and John Troyer

Abstract:  In this paper, we describe collaborative processes and stakeholders involved in the period from when a person dies until they are laid to rest: the funeral, final disposition of the body, and (in some circumstances) victim identification. The rich mixture of technologies currently deployed during this brief period are categorized and critically analyzed. We then reflect on the implications of our findings, both for the design of technology that takes the end of life into account, and for the wider HCI community.

 'What Happens to My Facebook Profile When I Die?’: Legal Issues Around Transmission of Digital Assets on Death (February 21, 3013) Lilian Edwards, University of Strathclyde Law School, and Edina Harbinja, University of Strathclyde Law School

 Abstract:  This chapter aims to explore some of the major legal issues pertaining to transmission of digital assets on death. “Digital assets” within this chapter are defined widely and not exclusively to include a huge range of intangible information goods associated with the online or digital world: including social network profiles e.g. on Facebook, Twitter, Google or Linked In; emails, tweets, databases etc; in-game virtual assets (e.g., as bought, found or built in worlds such as Second Life, World of Warcraft, Lineage, etc); digitised text, image, music or sound, such as video, film and e-book files; passwords to various accounts associated with provisions of digital goods and services, either as buyer, user or trader (e.g. to eBay, Amazon, Facebook, YouTube etc); domain names; 2D or 3D personality-related images or icons such as user icons on LiveJournal or avatars in Second Life; and not excluding the myriad types of digital assets emergent as commodities capable of being assigned worth (e.g. “zero day exploits” or bugs in software which antagonists can exploit ).

The chapter explores (a) how far the new digital assets fall into existing paradigms of property (b) the interactions between property, succession, privacy and contract in this domain, especially in the context of assets generated on intermediary sites such as social networks (c) whether we need a notion of "post mortem privacy" and (d) briefly , some solutions to some of the issues thrown up by previous sections, including emerging legislation , and the new breed of "life after death" technology assistants such as Legacy Locker.



Protecting the Family Genetic Heritage"

by Bob Gellman November 4th, 2013 10:30 am

Voice America (not the Voice of America) broadcast a program from Family Caregivers Unite on "Protecting the Family Genetic Heritage" last month. This program focused specifically on privacy issues and genetic information.

I thought some here would be interested.

Here’s the description from the website:

Ma’n H. Zawati, is a lawyer and Academic Coordinator of the Centre of Genomics and Policy at McGill University, Dr. Khaled El Emam,, is the Founder and CEO of Privacy Analytics, Inc, a senior investigator at the Children's Hospital of Eastern Ontario Research Institute, and holds a Canada Research Chair in Electronic Health Information at the University of Ottawa. They describe their lives and experience with family caregiving, and their work. From legal, ethical and technological perspectives, they discuss the greatest challenges that arise in protecting the genetic heritage of families. They explain the ways currently available for overcoming the greatest of these challenges. They say what they would like to do and see done to accelerate progress in overcoming the challenges that arise in protecting the genetic heritage of families. They share their messages for families concerned about abuse of their genetic heritages.

Bob Gellman


New Privacy Teaching Materials from Fordham Law

by Bob Gellman October 17th, 2013 10:57 am

This is the press release from Fordham about the program for teaching privacy at middle schools. There's a link in the release to the materials. I thought some folks here might be interested. Bob

Fordham Law School’s Center for Law and Information Policy has announced and released a first-ever curriculum for privacy education geared to middle school students. The program was financed by a court-approved settlement in the class action law suit against NebuAd. Fordham Law student volunteers taught a pilot program last spring at PS191 in New York City, and now Fordham CLIP is launching a partnership with volunteers from law schools and university research centers who will teach the program in middle schools across the country. Participating students and faculty include the following schools: Berkeley Law, UC-Irvine, Georgetown, Harvard’s Berkman Center, Idaho, Northern Kentucky, Princeton’s Center for Information Technology Policy, Roger Williams, Seattle, Suffolk, Tulane, Washington University-St. Louis, and Yale.

Fordham CLIP is making the curriculum available as a set of free open source documents on the CLIP website to any educators who want to use the instructional materials to address the many privacy issues teens face as their use of technology skyrockets.

The need for this type of education is revealed by recent reports from the Pew Research Center that 93% of teens ages 12 to 17 go online, 53% of teens post their email address online, 20% post their cell phone number and 33% are connected online to people they have never met.

“As online technologies become a key feature in young teens’ lives, parents and educators must teach teens about the privacy and safety implications of these technologies,” said Joel Reidenberg, Fordham Law professor and founding director of CLIP. “We’ve designed a program and enlisted a team of volunteers to help educate children about how to use these devices safely so they don’t make mistakes that can impact them for many years.”

Jordan Kovnot '11, an associate at the law firm Olender Feldman and former Fordham CLIP Privacy Fellow, developed the program during the course of his fellowship last year and supervised the group of volunteer Fordham law students who taught the program last spring to a class of 7th graders at PS191 in Manhattan. The program features a set of one-hour long sessions covering topics such as: 1) privacy basics; 2) how to deal with passwords and behavioral ads; 3) navigating social media and tricky situations; 4) understanding mobile, WiFi and facial recognition; and 5) managing a digital reputation.

"Our middle school students were challenged to think about privacy in their everyday lives,” said Nichole Gagnon, the PS191 classroom teacher for the pilot class. “Many teens believe that because they are communicating through their own personal accounts, phones and computers that it is private. While interacting with the law students, they soon realized that nothing that is public can be private at the same time."


SSDI and the Do Not Pay Initiative

by Bob Gellman August 29th, 2013 12:00 pm

Just recently, the Office of Management and Budget issued a memorandum for the federal government’s Do Not Pay Initiative. Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative, OMB Memorandum M-13-20, The DNP Initiative derives from several federal laws, the most recent of which is Improper Payments Elimination and Recovery Improvement Act of 2012, Pub. L. No. 112-248, 126 Stat. 2390 (2012).

This effort would be of no particular interest here except for the SSDI connection. Both the law and the OMB memo utilize the SSDI (Death Master File of the Social Security Administration). Here are the details.

The DNP Initiative directs agencies to have prepayment and preaward procedures and to ensure that a thorough review of available databases with relevant information on eligibility occurs to determine program or award eligibility and prevent improper payments before the release of any Federal funds. Under the 2012 legislation, agencies are required to review five existing federal databases prior to payment. These databases are:

• Death Master File of the Social Security Administration.
• General Services Administration's Excluded Parties List System.
• Debt Check Database of the Department of the Treasury.
• Credit Alert System or Credit Alert Interactive Voice Response System of HUD
• List of Excluded Individuals/Entities of the Office of Inspector General of HHS.

Pub. L. No. 112-248 § 3(a), amending § 5(a)(2) of the Improper Payments Information Act of 2002, 31 U.S.C. 3321 note.

I’m just posting this to let those who track SSDI issues know that it is part of the Do Not Pay Initiative. That knowledge may be mildly useful at some point down the road.


Hearing on Tax ID theft - April 16 2013

by Bob Gellman April 15th, 2013 4:59 pm

Some may have an interest in this hearing.

Apr. 16, 10:00 a.m., Tax Fraud and Tax ID Theft: Moving Forward with Solutions - The Senate Finance Committee will hold a hearing with witness testimony from Steven T. Miller, Acting Commissioner, IRS; Nina E. Olson, National Taxpayer Advocate, IRS; Jeffrey A. Porter, Chair of the Tax Executive Committee, American Institute of Certified Public Accountants, and Founder, Porter & Associates; and Marianna LaCanfora, Deputy Commissioner, Retirement and Disability Policy, Social Security Administration.. Dirksen Senate Office Bldg., Room 215.


Death and Privacy Part II

by Bob Gellman April 1st, 2013 4:39 pm

Do Dead People Have Privacy Rights?

Part 2 of 2

In Part I of this post, I discussed privacy rights after death in the context of health records.  Let’s look at how some other laws treat the issue.

Under the Privacy Act of 1974, a law that applies to federal agencies only, deceased individuals (and their next of kin) have no privacy rights.  See DOJ Overview of The Privacy Act of 1974 at 12 (2010),  The Freedom of Information Act offers no privacy protections beyond death either.  Aggressive reporters file a FOIA at the FBI following any celebrity’s death, just to see what’s available, and quite a few interesting stories resulted, especially from the J. Edgar Hoover era.

The “traditional” FOIA bright line answer isn’t so clear any more.  In 2004, in a case that followed the suicide of White House Deputy Counsel Vince Foster, the Supreme Court found that Foster’s family had a right to privacy that justifies withholding of photographs of crime scene photos.  There was a similar result in a FOIA case where the withholding of the tape recording of the final minutes of the Challenger space shuttle astronauts was also justified on the grounds of the privacy of surviving family members.

If you think about it, privacy rights of family members do not exist before death.  An individual can stand up in public and reveal something loathsome or hereditary about himself that reflects poorly upon or otherwise upsets his relatives.  Family members don’t have a right (as far as I know) to stop the disclosure in the interest of their privacy.  Does the family’s privacy interest arise from nothing at the instant of death?  Apparently.

For my nickel, the key to these cases is that they were decided by public figures like Supreme Court Justices and other judges.  The Justices looked at Foster’s death and thought that their deaths could be of public interest under the right circumstances.  They would want to spare their families, so they did the same in these cases.  It’s an understandable human reaction, even if it is harder to much sense of the principles.  There are other messy but less flashy FOIA cases about privacy of the dead.

Remember when Dale Earnhardt died in a crash during the last lap of the 2001 Daytona 500?  Under Florida law, autopsy photos were disclosable as public records under state law.  There was a rush for the photos, accompanied a dread that gruesome photos would be plastered all over the Internet.  In less than two months, the Florida Legislature changed the law so that the release of autopsy photos required approval of the next of kin.  A policy that stood for a long time was overturned just like that.  Not surprisingly, grieving families seem to receive a lot of sympathy in these matters.

The European Union has a lot of privacy law, and the protections of the law apply to living individuals.  However, the issue is no simpler in Europe than it is here.  A group of data protection officials observed recently that it may not be clear if an individual is living, that information on dead individuals may also relate to living individuals, that rules other than data protection rules may extend specific privacy rights after death, and that laws in some countries may extend privacy protection to cover dead individuals.

We are not done with examining privacy issues and death.  According to the Identity Theft Resource Center, identity thieves obtain information about deceased individuals to commit identity crimes.  Thieves watch the obituaries, obtain death certificates, or get information from websites that offer the Social Security Death Index file.

Now we are getting an issue that is of current interest to genealogists, I intend to wind up here.  I don’t want to get into the particulars of that debate now.  What I wanted to demonstrate is that the right of privacy after death is a complex and difficult subject.  Bright lines are hard to find.  Simple and clear policies produce complicated legal and policy problems.

Personally, I don’t think there’s a right or wrong answer here.  Or a one-size-fits-all answer either.  We already have different policies for different laws and circumstances.  They may not all make sense, but that’s the real world.  That's what we have for privacy before death too.

Many interests can be affected by privacy-after-death data issues, and each interest should have a say in any debate.  The struggle between openness and privacy is a familiar one generally, and the players and stakes are a bit different after death.  It’s unfortunate that cases and policy are often decided during the emotional time following a death.  Grieving widows tend to receive press attention and political deference.

I think that it is possible to seek reasonable balances and responses to current issues.  No matter where you come out on privacy and death, I hope that you can agree with that point.




Death and Privacy Part I

by Bob Gellman March 29th, 2013 2:02 pm

Do Dead People Have Privacy Rights?

Part 1 of 2

 Traditional privacy policy, if there is such a thing, says that privacy is an attribute of living individuals.  Therefore, dead people have no privacy rights.  It’s a clear and simple line, easy to apply.  It probably makes researchers, genealogists, biographers, and some others happy.

Life and death are not that simple.  The federal health privacy rules known as HIPAA originally provided that health records must be protected for privacy forever.  I was fond of saying that your health records were protected until the sun runs out of hydrogen.  However, that rule – another simple to apply, bright line – created some issues.

Who is the heir of George Washington?  Now that’s definitely a question that genealogists can help to answer.  I suspect that the answer will be complicated in many cases, especially over decades and centuries.  There may be no heir.  There may be dozens of heirs of equal status.  How are we going to decide if George’s health records can be shared with a historian, health researcher, or newspaper reporter?  Do we take a vote among all the heirs?  Do the votes of those who are more directly descended receive a greater weight?  How do we even find the heirs?  Should we allow heirs to sell the information?

So the privacy forever rule seems hard to apply.  Let’s stick with health records, but try it the other way.  Let’s say that privacy ends at death.

The immediate family of the dead individual might not be happy.  A death is hard enough, but the prospect that the deceased health records would become public could create even more difficulties.  For many individuals, few people outside the immediate family would care much about the details.  However, for celebrities, there would be many demands for records.  What do you think tabloids would do if they could get their hands on ___________’s health records?  You can fill in the blank yourself, but some obvious candidates are Michael Jackson, Vince Foster, and Ronald Reagan.

While you’re thinking about that, you need to know that an x-ray of Marilyn Monroe recently sold at auction for $45,000.  See  Do we want hospitals and labs selling celebrity test results and blood or tissue samples immediately upon death?  That’s more than a bit ghoulish for me.

Even for ordinary people, families might be traumatized if records showed that the deceased died of alcoholism, drug abuse, AIDS, syphilis, suicide, or other particularly unpleasant, reputation-destroying, or communicable disease.  Would a privacy-end-at-death rule mean that the DNA of the deceased could become public?  DNA information clearly tells something about direct descendants, and many might be unhappy that part of their genetic heritage would be public.

While I was working on this post, the story about the sequencing of Henrietta Lack’s DNA hit the press.  She was the woman whose cancer cells have been used worldwide for decades without her consent or the consent of her family.  Rebecca Skloot – who wrote the book The Immortal Life of Henrietta Lacks – wrote a NYT op-ed about the latest development.

In February of this year, HHS changed the HIPAA rule.  HHS replaced its privacy forever rule with a 50-year rule.  Any term of years is necessarily arbitrary, and 50 seem long enough so that nervous bureaucrats aren’t likely to be criticized by grieving families any time soon.

Is 50 years too long?  Probably, if you have an interest in genealogy.  And it could be longer as a matter of practice.  The preamble to the HIPAA rule notes that if a State has a law that provides for additional privacy protection, that law remains in force.  So the actual answer could vary state by state.  That could be particularly messy if, as is common today, an individual has health records in more than one state.  Further, HHS pointed out that the professional responsibilities of health care providers may require that patient records receive longer protections.  How long does a psychiatrist keep records confidential?  I don’t know if the profession has a policy.  It’s a messy legal issue whether and when a physician-patient or psychotherapist-patient evidentiary privilege survives the patient’s death.

We’ve just gotten started with dead people and privacy so maybe it’s time to end and come back another day with more.  I will end with a few new thoughts.  Even if privacy lasts forever, that doesn’t mean that everything is private forever.  It seems harder to argue that the fact of a death should be private.  No man is an island, right?  There are legal and other reasons for telling the world that someone is dead.  What else can we say about the deceased?  It’s easier to say that the name and date of death should be public.  There’s more to debate about whether next-of-kin, cause of death, and similar information should be public as well.

I’m not taking a stand, other than to emphasize that there’s a lot of room between nothing disclosed and everything disclosed immediately.   More in another post.