diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home
index f31b0d40d..5cff2299c 100644
--- a/apparmor.d/abstractions/deny-sensitive-home
+++ b/apparmor.d/abstractions/deny-sensitive-home
@@ -39,12 +39,13 @@
 deny @{user_password_store_dirs}/{,**} mrwkl,
 deny @{user_share_dirs}/kwalletd/{,**} mrwkl,
 
+ # User defined private directories
+ deny @{user_private_dirs}/** mrxwlk,
+ deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
+ deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
+
 # Deny executable mapping in writable space as allowed in abstractions/fonts
 deny @{HOME}/.{,cache/}fontconfig/ rw,
 deny @{HOME}/.{,cache/}fontconfig/** mrwl,
 
- # Deny executable mapping in writable space as allowed in abstractions/base for ecryptfs
- deny @{HOME}/.Private/** mrxwlk,
- deny @{HOMEDIRS}/.ecryptfs/*/.Private/** mrxwlk,
-
 include if exists
diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d
index 69bf2646e..7a3ee5690 100644
--- a/apparmor.d/tunables/home.d/apparmor.d
+++ b/apparmor.d/tunables/home.d/apparmor.d
@@ -30,6 +30,9 @@
 @{XDG_GPG_DIR}=".gnupg"
 @{XDG_PASSWORD_STORE_DIR}=".password-store"
 
+# User personal private directories
+@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
+
 # Definition of local user configuration directories
 @{XDG_CACHE_DIR}=".cache"
 @{XDG_CONFIG_DIR}=".config"
@@ -61,3 +64,4 @@
 @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
 @{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
 @{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
+@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}
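Review bot: In apparmor.d/abstractions/deny-sensitive-home the three added rules end in `/**`, so they cover what lies below a private directory but, as far as I can tell, not the directory entry itself, whereas the neighbouring rules in this hunk use `/{,**}` (for example `deny @{user_password_store_dirs}/{,**} mrwkl,`). If the intent is now privacy rather than only blocking executable mappings, a profile with a broad home allow rule could still list the directory; consider `deny @{user_private_dirs}/{,**} mrxwlk,` and the same suffix on the `@{HOMEDIRS}` and `@{MOUNTS}` lines. The `**/@{XDG_PRIVATE_DIR}` forms also match any directory named `private` or `Private` at any depth, and plain `deny` rules are not logged, so a short comment stating that nested application directories are matched on purpose would help whoever debugs a profile that includes this abstraction.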
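Review bot: The comment added above `@{XDG_PRIVATE_DIR}` in apparmor.d/tunables/home.d/apparmor.d (hunk at -30,6) does not mention that the value now stands in for the `.Private` paths whose explicit eCryptfs deny rules this commit removes from abstractions/deny-sensitive-home. It also does not say that the un-dotted `private`/`Private` names are included. Since the variable feeds `deny` rules, I would extend it to something like `# User personal private directories (includes the eCryptfs ~/.Private directory); used by deny rules in abstractions/deny-sensitive-home`.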