Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Employment Privacy, International/EU Privacy

French Court Limits the Scope of Employee Data Protection

Keyboard lockIn a previous post back in 2010, we discussed a then-new data-privacy case decided by the French Cour de Casson (high court), called Bruno B v. Giraud et Migot, Cour de Cassation [Cass.], soc., Paris, 15 Dec. 2009, No. 07-44264.  As we said at the time, Bruno B was “a significant development” because, previously, French privacy laws offered an extremely high level of protection for employees’ data, as exemplified by the 2001 decision, Nikon France v. Onof, Cour de Cassation [Cass.], soc., 2 Oct. 2001, No. 4164.  There— to the chagrin of the business community—the court held that employees have a right to privacy at their workplace and that an employer’s search of employee files, even on the employee’s work computer, was a breach of that privacy.

But in Bruno B, an accounting firm fired Mr. B after the firm discovered files created on his work computer and addressed to government regulators in which he disparaged the firm for alleged tax and related fraud as well as working conditions.  Mr. B then sued the firm seeking damages for unjustified dismissal, arguing that the firm violated his rights under the EU privacy laws because the documents were his personal data.  On appeal, the French court held for the accounting firm, finding that because Mr. B failed to mark the documents as “private,” his former employer was justified in assuming that the documents were work-related and, as such, it could open them.

Thus, after Bruno B  our view was that in France “there is arguably no right to privacy to an employee’s computer-stored data unless the employee takes affirmative steps to designate the information as personal.”  In its new holding on the topic, released 11 July 2013, the French high court took that exact position.  See Monsieur X v. Young & Rubicam France, Cour de Cassation [Cass.], soc., 19 June 2013, No. 12-12138.

Monsieur X stemmed from the dismissal of a Young & Rubicam employee for serious misconduct relating to unfair competition. The employer’s termination decision came after a search of the employee’s workplace hard drive revealed numerous email and messages that had been sent to the employer’s competitors.

Unlike Bruno B, here the employee did not even create the communications on his workplace computer, but on his personal computer.  He then sent them through his personal email account to his work computer.  The French high court was not swayed by the birthplace of these documents, however, and held that, unless documents stored on a work computer are clearly labeled “private,” regardless of origin, the information is presumed to be professional in nature and is available for the employer to search, even in the employee’s absence.

Thus, the Monsieur X case signals France’s continued departure from the unyielding protection of individual privacy rights found in Nikon, and signals a continuing shift toward a more pro-business (or at least, balanced) stance on data-privacy issues.  As a bellwether for the rest of Europe, the Monsieur X decision may indicate the start of a trend toward limiting the sacrosanct privacy rights afforded in the workplace, at least unless those rights are prospectively preserved by the employee.