||Personal data of deceased persons
|Austria||05.06.2018||No, the ADPA does not provide for special provisions on the processing of personal data of deceased persons.
|Denmark||06.09.2018||§ 2(5): Data Protection Act and the GDPR apply to deceased persons until 10 years after the time of death.
|Finland||13.11.2018||The proposed Data Protection Act does not apply to the processing of personal data of deceased persons.
|France||11.02.2019||Article 40-1. The FDPA reiterates the right already provided for by the digital republic Act allowing data subjects to establish instructions for the management of their personal data after death.
The InfoAct was modified to include provisions on the processing of personal data of deceased individuals. It provides that either a person appointed by the data subject during their life or a close relative will be able to exercise the data subject's rights after their death.
Section 2-terdecies of the IDPA provides that the rights referred to in Sections 15 to 22 of the GDPR for deceased people can be activated by a data subject who has an interest in the protection, by his agent, or for family reasons worthy of protection ("Representative").
|Slovakia||13.09.2018||If the data subject is deceased, consent may be given by "a close person" (Article 78(7) of New DPA). Consent is not valid if any other close person disagrees.|
|Spain||05.03.2019||The SDPA does not apply to the personal data of deceased individuals. However, Article 3 provides that heirs are entitled to access, request deletion and rectification of the relevant data from data controllers and processors, unless deletion or rectification was prohibited by the deceased individual or by applicable law. Executors can also act as heirs. If an heir is a minor or disabled then the Public Prosecutor can act on their behalf.
Article 96 of the SDPA sets certain specific rules on how information society services' providers shall address the heirs' right of access.