The employer’s right to access employees’ e-mails on their professional mailboxes is not absolute

The employer’s right to access employees’ e-mails on their professional mailboxes is not absolute

13.10.2016 LU law

In a recently published decision of 28 April 2015, the Court of Appeal addressed the issue of the employer’s right to access employee’s e-mails when sent from or received on a professional mailbox. 

The Court held that, in the absence of proof to the contrary, such e-mails are presumed to be professional in nature. If an e-mail is identified as being personal, the employer who would read it would then commit a criminal offence under the Amended Act of 2 August 2002 concerning the protection of individuals with regard to the processing of personal data (the Data Protection Act) and the Amended Act of 30 May 2005 concerning the specific provisions for protection of the individual in respect of the processing of personal data in the electronic communications sector, and amending Articles 88-2 and 88-4 of the Code of Criminal Procedure. In this regard, the Court found that one should first look at the heading of the email to determine the nature thereof.

In this case, the plaintiff complained that her former employer opened private e-mails that were received on her professional mailbox after she was dismissed. The Court first recalled that, pursuant to the DPA and Article L.261-1 of the Employment Code, the surveillance at the workplace requires a prior authorization from the National Commission for Data Protection (the CNPD), which here had been granted. However, the CNPD added that even if emails exchanged in the workplace are presumed to be professional in nature any prohibition of private use would not render all of them being private. That being said, in the current case, there was no such prohibition, although claimed otherwise by the employer.

For two out of the three e-mails at stake, the Court held that their private character was not sufficiently demonstrated. On the opposite, the third one was “clearly” personal since the heading contained the words “Confidential” and “Private”. The mere reading of this e-mail amounts to a criminal offence, since the law does not require any wilful intent from the employer in this case. As a consequence, the Court upheld the first-instance judgement imposing a fine of 500 EUR.

Finally, we would like to remind that, in October 2014, the CNPD published a booklet on the supervision at the workplace. The different forms of surveillance analyzed in this brochure are video-surveillance, surveillance of the usage of IT equipment, Internet usage and e-mail traffic, recording or tracing of telephone calls, biometric recognition systems, geolocalization (GPS) and supervision of electronical access and of working hours.


The case can be found in Journal des Tribunaux du Luxembourg, n° 45, 5 June 2016, p. 87, while the booklet can be found on


This article was co-written by summer intern Marie d’Otreppe.


Related news

26.10.2017 NL law
Autoriteit Persoonsgegevens adviseert negatief over Implementatiewet PSD2

Short Reads - Het wetsvoorstel Implementatiewet herziene richtlijn betaaldiensten ("Wet PSD2") voorziet in de wijziging van verschillende wetten (waaronder de Wet financieel toezicht (Wft) en het Burgerlijk Wetboek (BW)) en de nationale omzetting van Richtlijn (EU) 2015/2366 van het Europees Parlement en de Raad van 25 november 2015 betreffende betalingsdiensten in de interne markt, houdende wijziging van de Richtlijnen 2002/65/EG, 2009/110/EG en 2013/36/EU en Verordening (EU) nr. 1093/2010 en houdende intrekking van Richtlijn 2007/64/EG.

Read more

25.10.2017 NL law
Ontwerpwet Generieke Digitale Infrastructuur voor advies naar de Autoriteit Persoonsgegevens

Short Reads - Met de ontwerpwet Generieke Digitale Infrastructuur ("Wet GDI") wordt beoogd dat burgers de beschikking krijgen over elektronische identificatiemiddelen ("eID") met een hoger betrouwbaarheidsniveau dan het huidige DigiD. Tegelijkertijd krijgen publieke dienstverleners meer zekerheid over de identiteit de burger aan wie zij die diensten verlenen.

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy and Cookie Policy