The 21st century might be the best for whistleblowers to live in: finally, reporting starts to be appreciated and recognized officially. More and more countries change their legislation for public and private entities accordingly. Yet, with whistleblowing comes many liabilities, both for the employers and the employees who blow the whistle. What are the odds?
Just as a whistleblower has their own interests and legal grounds to defend themselves, the companies are subject to trade secrets and have the right to protect their reputation. Whenever there is a dispute between the company and the employee, the court has to balance the rights and freedoms of both. So how to be on the safe side if you are the whistleblower?
The most important rule of whistleblowing and its starting point (reflected in the EU Whistleblowing Directive, SOX, Sapin 2, and others) is: Report in good faith. In most cases, the very condition of being in good faith before reporting (not having malign intentions) serves as protection for the whistleblower. That being said, even if you reported a false fact or event, but there is no evident malign intention, you can't be prosecuted. But does it always work like that?
No, and that's where the employer is protected: it matters in what way you obtained the information to report, and how related it is to the issues of civil, administrative, and labor liability. Two things may break it for the whistleblower: proof that they intentionally reported wrong information to cause reputational damage and obtaining illegally the data (even if the information is accurate and important for society).
It has happened already: one of the LuxLeaks whistleblowers, Raphael Halet, paid the fine for reporting on his employer, PwC. Halet could not win the appeal to the European Court of Human Rights and prove the use of his freedom of speech. What is allowed in whistleblowing to be on the safe side?
- Obtaining the information from the work context to which the whistleblower normally has access: emails, physical copies of the documents, photos, and more.
- Obtaining the information from the work context, to which the whistleblower normally doesn't have access. The Directive justifies access since the information is crucial to the public. The example is given in the EU Whistleblowing Directive (96) — the whistleblower may access coworkers' emails, take pictures of organizational premises, etc. The whistleblower will be protected from retaliation in any case, but if they committed a criminal offense to get the information, they would be judged on this basis separately. If they revealed more than necessary (including the information not related to the breach), again, the court would decide on the measures taken.
What is not allowed
- Acts that are unnecessary for reporting and/or qualify as criminal offenses. Hacking and hijacking, and breaking into the premises qualify as such. In this case, the whistleblower will still be protected but prosecuted for committing a criminal offense.
- Reporting externally before reporting internally. Before leaking the information to the public or reporting to the authorities, whistleblowers are obliged to report internally. The exception applies if the information is urgent, the employer did not react to the report, and the authorities might be involved in the wrongdoing.
Important: it is a general rule that whistleblowers are required to report internally first. Only if there is an immediate danger, reasonable concerns for retaliation, and both the employer and the authorities might be involved in the wrongdoing. But national legislation may allow reporting to the public – it is worth checking the information depending on the member state.
What are the positive introductions?
- The shift of the burden of proof. Whenever the whistleblower claims that they submitted a report within the Directive's scope and faced retaliation, the employer must prove that they did not take such actions.
- Protection from retaliation. The Directive protects whistleblowers, in any case, separating their contribution to public safety and protecting personal freedoms from liability for defamation or breaching the law to obtain the information.
Remember: each case is considered individually in the court in case of disputes and all the circumstances surrounding whistleblowing. In complicated cases such as LuxLeaks, the court will decide whether the way the information was leaked was justifiable and the personal liability of each of the participants.
Complicated cases such as LuxLeaks are a rare find – mostly, the whistleblower can always rely on the EU Whistleblowing Directive and be sure they won't be prosecuted. And good faith, legal access to information, and internal reporting are the fundamental principles that guarantee your security. If you are still in doubt about blowing the whistle, please consider:
- Legal assistance
- Anonymity options
- Free consultations from NGOs
- Information request from Ethicontrol