No, Employee Hard Drive Labelled "Personal Data" Is Not Private

For various reasons, employers may wish or need to check files on an employee's desktop or laptop. From a legal point of view, this is often tricky as privacy laws and other legislation may impose restrictions.

In Libert v France of 22 February 2018 (available in French), the European Court of Human Rights (ECHR) ruled that employers may access files on an employee's computer which are not clearly marked "private" without violating Article 8 of the European Convention on Human Rights. It follows from this decision that files not marked private are considered professional documents which may be freely accessed by the employer.


The facts of the case can be summarised as follows.

An employee of the French railway company (SNCF) was dismissed following the discovery on his computer of adult material (1562 files) and false declarations made for third parties. The files had been saved on the employee's hard drive, which was labelled données personnelles ("personal data"). The employee challenged his dismissal before the national courts, which sided with the employer.

The ECHR's reasoning

With regard to a possible violation of the right to privacy (Article 8 of the European Convention on Human Rights), the ECHR takes the view that accessing files on an employee's computer in the employee's absence and without informing the employee constitutes an invasion of the employee's right to privacy.

However, in the case at hand, the ECHR found the interference to be acceptable. The Court followed the reasoning of the Amiens Court of Appeal that the files had not been clearly marked "private" (privé).

Indeed, the adult material was saved in a folder entitled Rires ("Laughs") on the D drive which the employee had labelled données personnelles ("personal data"). The false declarations were saved in various folders, under the names "Fred [P.]", "Socrif" and "Catherine".

The D drive is generally made available to SNCF employees for professional documents. The appellate court ruled that an employee cannot consider or label the complete hard drive as private and that, in any case, the term "personal data" could also refer to professional files handled by the employee personally and, therefore, does not clearly indicate that the documents are private. Furthermore, the SNCF's acceptable use policy expressly states that private files must be marked as such.

For these reasons, the ECHR found that the individual's right to privacy had not been violated.


We agree that in general an employer should be able to monitor the activity of its employees and to this end access professional files. Only individual folders and files (thus not an entire hard disk or substantial part thereof) clearly marked "private" should not be examined by the employer. Employers should also ensure that their IT policies contain clear rules on the acceptable use of IT resources by employees.

As far as e-mails are concerned, the situation is:

  • similar in Luxembourg, provided the message is clearly marked "PRIVATE" and "CONFIDENTIAL" (the Luxembourg Court of Appeal has nevertheless surprisingly ruled that "Privé-Drink Nouvel An" is not sufficient); and
  • slightly more complicated under Belgian law. The Electronic Communications Act requires consent if the employer wishes to access e-mails to which it is not a party, regardless of whether the e-mail is professional or private in nature.

Related: NautaDutilh (Mr. Thierry Duquesne, Ms. Heidi Waem)


Mr. Thierry Duquesne, Associate Partner
Ms. Heidi Waem, Senior Associate
