We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

French Court Limits the Scope of Employee Data Protection

Trevor R. Jefferies

06 August 2013
In a previous post back in 2010, we discussed a then-new data-privacy case decided by the French Cour de Casson (high court), called Bruno B v. Giraud et Migot, Cour de Cassation [Cass.], soc., Paris, 15 Dec. 2009, No. 07-44264.  As we said at the time, Bruno B was “a significant development” because, previously, French privacy laws offered an extremely high level of protection for employees’ data, as exemplified by the 2001 decision, Nikon France v. Onof, Cour de Cassation [Cass.], soc., 2 Oct. 2001, No. 4164.  There— to the chagrin of the business community—the court held that employees have a right to privacy at their workplace and that an employer’s search of employee files, even on the employee’s work computer, was a breach of that privacy.
French Court Limits the Scope of Employee Data Protection

But in Bruno B, an accounting firm fired Mr. B after the firm discovered files created on his work computer and addressed to government regulators in which he disparaged the firm for alleged tax and related fraud as well as working conditions.  Mr. B then sued the firm seeking damages for unjustified dismissal, arguing that the firm violated his rights under the EU privacy laws because the documents were his personal data.  On appeal, the French court held for the accounting firm, finding that because Mr. B failed to mark the documents as “private,” his former employer was justified in assuming that the documents were work-related and, as such, it could open them.

Thus, after Bruno B  our view was that in France “there is arguably no right to privacy to an employee’s computer-stored data unless the employee takes affirmative steps to designate the information as personal.”  In its new holding on the topic, released 11 July 2013, the French high court took that exact position.  See Monsieur X v. Young & Rubicam France, Cour de Cassation [Cass.], soc., 19 June 2013, No. 12-12138.

Monsieur X stemmed from the dismissal of a Young & Rubicam employee for serious misconduct relating to unfair competition. The employer’s termination decision came after a search of the employee’s workplace hard drive revealed numerous email and messages that had been sent to the employer’s competitors.

Unlike Bruno B, here the employee did not even create the communications on his workplace computer, but on his personal computer.  He then sent them through his personal email account to his work computer.  The French high court was not swayed by the birthplace of these documents, however, and held that, unless documents stored on a work computer are clearly labeled “private,” regardless of origin, the information is presumed to be professional in nature and is available for the employer to search, even in the employee’s absence.

Thus, the Monsieur X case signals France’s continued departure from the unyielding protection of individual privacy rights found in Nikon, and signals a continuing shift toward a more pro-business (or at least, balanced) stance on data-privacy issues.  As a bellwether for the rest of Europe, the Monsieur X decision may indicate the start of a trend toward limiting the sacrosanct privacy rights afforded in the workplace, at least unless those rights are prospectively preserved by the employee.

Trevor R. Jefferies

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...

06 June 2016
Loading data