They come from different parts of the world, but still share one factor: whistleblowers started it all.
The purpose of the EU Directive is defined clearly: to ensure the freedom of speech and protect the EU's financial interests. A lot of positive amendments to existing laws were made in pursuit of the latter, yet there are some tricky moments that need to be discussed. Spoiler alert: for big businesses in the EU, it is a serious reason to step it up.
Indeed, the definition of whistleblower existed long before 2019 — but less than in half of the EU member countries. Now the whistleblower can be determined as such in legal proceedings and gets an individual approach depending on the case he reported. A whistleblower is any person who reports or discloses information obtained in a work-related context. The information should serve public or individual interest (protection of human rights) and prevent possible damage.
What is NEW: the broadest definition of whistleblower which currently exists. Not only full-time employees but volunteers, self-employed persons, candidates for employment, contractors, and many more can enjoy the protection of this Directive.
The whistleblower should consider the information he reports or discloses true at the moment of submitting the report and is required to use internal channels first (established by the company). Two important clarifications here:
What is NEW: a so-called reversal of the burden of proof. Before this, the whistleblower had to prove that he suffered retaliation and provide evidence. Now this burden shifts to the accused person in case the whistleblower are right at first sight.
Two types of channels were introduced for implementation: internal and external. External channels should be created by State members, while internal channels are the responsibility of public and private entities. The current requirements for reporting channels are:
What is NEW: both public and private entities should implement internal channels for whistleblower reports (with particular attention to the financial sector). Only non-financial small companies (up to 50 people) are exempt from this liability.
Every time you collect data, you should follow the principles of the General Data Protection Regulation (GDPR). All the people involved should be guaranteed protection from data leaks: the reporting person, the concerned person, and the third person mentioned in the report. Only authorized persons can have access to gathered information.
A reporting person gets the right to protection, while the concerned can defend himself as soon as the investigation starts. The employer can collect all the evidence in his favour and should have full access to the files.
What is NEW: member states should ensure the opportunity to get legal advice and assistance for the whistleblower in financial need. Before this, whistleblowers had to cover all legal expenses themselves.
All offences of concerned persons and false reports made by informants will be penalized in an obligatory way. However, we don't know the numbers yet: penalties will be defined by state members individually. It's already done in France and the UK, even though sanctions are mostly referred to confidentiality breaches.
What we can know for sure: the European Parliament rejected the strategy of the US in giving rewards to whistleblowers. Whistleblowers should act with good reasons and have no financial interest — a contentious moment considering all the risks that the whistleblower takes.
What is NEW: in particular cases, the employer will be legally obliged to offer a whistleblower remedy chosen by the court. This means that now the employer can't offer compensation instead of reinstatement on a regular basis (because it may discourage other whistleblowers).
Talking about the trade secret: it is allowed to disclose the information containing the trade secret in a work-related context. If the information about the breach of the law couldn't be disclosed without trade secret revelation, whistleblowers are not responsible for the consequences.
As a result, poorly organized internal channels can result in significant, material losses for the company.
Another controversial point of the new Directive is the way the whistleblower can obtain the information. The whistleblower can reveal not only the information to which he has direct access but also emails of his coworkers, and pictures of facilities he usually doesn't have access to (criminal offence such as hacking or physical damage is still punished). Despite the illicit actions of the whistleblower, the court should consider the case individually and take into account all the circumstances.
| As a final result, damage to reputation may be not reimbursed. |
We've introduced only the main points of the Directive on the protection of persons reporting on breaches of Union law — it has many more details that you should be aware of as a whistleblower or business owner. The Directive is way stricter than all previous legislations in the field of whistleblowing.
Currently, it is the most comprehensive law on the protection of informants. The Directive can significantly influence the rate of corruption in the EU countries and prevent violation of human rights — the whole picture can be seen only after 2021 (when the Directive is fully implemented).