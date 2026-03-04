A lack of standardization in the way governments and tech firms handle the digital accounts of the deceased could invite fraud and exploitation, the OpenID Foundation has warned.

The standards body released a report yesterday calling for a new framework to close systemic gaps across platforms, jurisdictions and industries.

The Unfinished Digital Estate, warned that no consistent global standards exist to ensure that devices and email, social media, cryptocurrency and other accounts are both accessible to the right people and protected after the account owner dies.

“This issue affects every internet user eventually, yet platforms treat death as an edge case,” said report co-author Dean Saxe. “We have standards for authentication, authorization, and digital consent. We need the same coordinated approach for what happens when users die, before AI deepfakes make this even more complicated.”

The OpenID Foundation’s calls are made more urgent by the growing menace of deepfakes.

The report warned that, in the absence of protections, deepfakes could be used to simulate deceased account holders for “manipulation, disinformation or profit.” It argued that impersonation tactics could be used to target surviving relatives or friends, using the deceased as “bait” in social engineering attacks or scams.

Nefarious individuals might even weaponize access to shared accounts, photos and data to target individuals with abuse or stalking, the standards body claimed.

Personal data collected by websites – including purchases, chats, and electronically submitted information – loses all protection under the GDPR and CCPA once an individual has passed away. However, failing to protect “identity autonomy” after death could open the door to abuse, the report claimed.

A Call for Coordinated Action

The OpenID Foundation called for action from policymakers, tech platforms and standards bodies. It said: