Every year, millions of deceased people become victims of financial and economic crimes called ‘ghost identity theft’. In the United States, more than 2.5 million people have their identities stolen fraudulently every year, with nearly 8,00,000 of those identities being used to obtain fraudulent credit lines, phone contracts, and benefits, all through identity theft. Additionally, a five-month pilot programme instituted by the US Treasury, which cross-checked payments with the national Death Master File, avoided or recovered US$31 million in improper payments, ultimately expecting to recover $215 million in costs over three years.
The UIDAI in India has already deactivated more than 1.4 crore (14 million) Aadhaar numbers of deceased individuals to prevent the exploitation of stolen identities and plans to deactivate an additional two crore (20 million) Aadhaar numbers by the end of the year. These experiences of each of these deceased individuals extend the underlying issue of restoring payment accountability to include other crimes, including benefits fraud, credit scams, forged estate transfers, and prepaid funerals. In Connecticut, for example, a prepaid funeral fund fraud resulted in a loss of $81,300.
Beyond direct fraud, privacy breaches compound the risks. Digital accounts, social media profiles, and medical or financial records of deceased persons often remain accessible, creating opportunities for cybercriminals to exploit sensitive data. Large-scale data leaks impacting both living and deceased have exposed billions of records globally, and mismatches in death records further fuel wrongful disbursements. With the US Death Master File containing over 142 million records, even minor inaccuracies can result in millions of dollars in fraud. Together, these trends show the scale of ghost identity crimes and post-mortem privacy violations, underscoring the urgent need for stronger data-matching systems, legal safeguards, and public awareness.
Indian experience
Following the tragic death of Bollywood actor Sushant Singh Rajput in 2020, there was a media frenzy that changed the definition of public scrutiny. The media sensationalised and analysed the death, and aired every minute detail of his personal life. It made social media a virtual autopsy table, and television a judiciary to decide the guilt or innocence of anyone close to him. It was profoundly sad to see the story of a young talent dying prematurely being displayed publicly and intruded upon unprecedentedly, which raised an important question: Does privacy die with the person?
Posthumous privacy explores the concept of granting the deceased the right to choose their own privacy even after death, a growing concern that remains largely unaddressed. Due to the nature and requirements of their profession, celebrities often walk a fine line between their private lives and public exposure. In this digital age, the issue of posthumous privacy for celebrities is under intense scrutiny, as digital society both glorifies and grieves the loss of public figures. However, the law remains silent on how to manage their image, data, and personal dignity.
Although the Supreme Court in the Puttuswamy case (2017) recognised privacy as a fundamental right that respects one’s human dignity, its scope was explicitly confined to living humans, creating a normative gap in the existing law. In the absence of any codified posthumous protection right, these actions not only breach their residual identity and dignity but also question and undermine the independence of their legal heirs and estates. The growing digital supremacy leading AI to make faces and voices necessitates re-evaluating the legality of posthumous privacy, which would navigate their estate, families and fans, a legal terrain to resolve the question of controlling and licensing their identity even after death, especially in India, where technology and AI are outpacing the regulatory standards.
Challenges
In the protection of posthumous privacy, the following challenges exist. First, the absence of statutes and doctrines almost everywhere means that privacy rights end with the death of the holder. The Digital Personal Data Protection Act, 2023, excludes deceased individuals, leaving a crucial regulatory gap. The Indian Judiciary in the Puttuswamy case recognised privacy as a part of Article 21; however, it limited its scope to living persons without recognising post-mortem privacy.
Second, in the absence of a legal framework, it becomes easier for individuals to exploit these assets for their own commercial gain without obtaining the consent of their family, which compounds the privacy problem in India by not extending laws related to ‘right of publicity’ post-death.
Although courts have recognised the publicity right under Article 21 and tort law (ICC Development v. Arvee Enterprises, (2003), its posthumous application remains untouched.
Third, the TV Networks Regulation Act of 1995, which often leads to collapsing the ethical boundaries of the media, are being justified on the rhetoric of “public interest”. For instance, the death of the Bollywood star Sridevi in 2018 flooded the press with graphics of her final moments, which had largely been criticised for being insensitive, invasive, and violating her dignity.
Fourth, in this digital era, the protection of national privacy remains porous. For example, the leaked WhatsApp messages of late actor Jiah Khan started being circulated digitally even years after her death, every time her case resurfaces in the media.
Learning from international best practices
In the case of the French Code Civil, allowing heirs to sue for violating the dignity of the deceased, as well as some states in the United States, such as California, grant posthumous publicity rights for a period of 70 years under the California Celebrities Rights Act of 1984. India may modify its Digital Personal Data Protection Act, 2023, to ensure posthumous privacy rights for a fixed period.
Further, Article 21, which ensures the protection of one’s right to life and dignity, should be extended to include the privacy and dignity of the deceased, as was even provided in the case of Ashray Adhikar Abhiyan v. Union of India (2002). Again, the media shall prohibit the intrusive reporting of death images and autopsy reports, thereby safeguarding posthumous privacy and dignity. Again, the court should adopt a proportionality test to help determine the conflict between public interest and posthumous privacy.
With the applicability of this test, the court can decide which one to prioritise over the other. Due to the borderless nature of digital content, countries should collaborate and enact a global framework for digital governance. Social media platforms like Google, Facebook, Instagram, and X should allow their users globally to set their data preferences for use after their death.
The road ahead
The failure to recognise posthumous privacy raises concerns about the limited rights of privacy and the dignity of an individual. These concerns could be intensified in the case of celebrities and public figures whose identities often contain commercial value, and the absence of legal protection would compromise and exploit their privacy and dignity.
A dedicated framework for the protection of posthumous privacy must be enacted to provide it with statutory recognition, establish ethical guidelines for the media, ensure judicial supervision, and foster global cooperation. Such a framework would ensure that a part of Article 21, including the rights to privacy and dignity, is not extinguished upon death; instead, it persists as a legal claim to ensure one’s dignity remains protected in life and thereafter.
Harshit Singh is a Research Officer at Rashtriya Raksha University, Gandhinagar, and Pradiptarathi Panda is an Assistant Professor at IIM Raipur.
