The European Commission has proposed a new law to strengthen whistleblower protection across the EU as a means to unveil unlawful activities and help enforce EU law. According to the Commission, the catalyst for the new rules has been provided by recent scandals such as Luxleaks, the Panama Papers and Cambridge Analytica. The legislative proposal intends to guarantee a high level of protection for whistleblowers who report breaches of EU law by setting new, EU-wide standards.
The reforms are long due, as whistleblower protection to date has been patchy both at Member State and EU levels. According to a Commission factsheet, only ten EU countries (France, Hungary, Ireland, Italy, Lithuania, Malta, Netherlands, Slovakia, Sweden and the UK) offer comprehensive legal protection to whistleblowers. In the remaining EU countries, the protection granted is partial, in that it covers only public servants or only specific sectors (for instance financial services) or only specific types of wrongdoings (such as corruption). At EU level, it is only in a limited number of sectors that measures have been put in place to protect whistleblowers, principally in financial services.
The draft measures define a whistleblower as a person (that can include an employee, a self-employed person, a freelancer, a supplier, a volunteer, an unpaid trainee or a job applicant) who reports or discloses information on violations of EU law which they observe in their work-related activities. Whistleblowers can also qualify for protection if they had reasonable grounds to believe that the information reported was true at the time of reporting, or if they have serious suspicions that they observed an illegal activity.
According to a Commission FAQ list, under the new Directive a whistleblower is granted protection when reporting on breaches of EU rules in the areas of: public procurement; financial services, anti-money laundering and counter terrorist financing; product safety; transport safety; environmental protection; nuclear safety; public health; food and feed safety, animal health and welfare; consumer protection; and protection of privacy and personal data, and security of network and information systems. The Directive further applies to breaches relating to EU competition rules, breaches harming the EU’s financial interests, and breaches of corporate tax rules or arrangements whose purpose is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.
Furthermore, all companies of a certain size (or of any size if operating in financial services or vulnerable to anti-money laundering or counter terrorist financing), all state and regional administrations, and local municipalities of more than 10,000 inhabitants must create internal reporting channels whilst ensuring the confidentiality of the whistleblower’s identity. They also need to designate a person or a department responsible for receiving and following up on the reports. Member States must identify the authorities charged with receiving and following up on reports about breaches under the new law. These authorities should put in place specific, user-friendly channels, separate from their normal public complaints systems, to allow for reporting, and dedicated staff to handle and follow up on reports.
To deal with any retaliation that whistleblowers may suffer, the new law also provides protection mechanisms which include free legal advice, remedial measures, freedom from liability for infringing any contractual ‘gagging’ clauses and reliance on the new EU law as a defence in judicial proceedings.