Whistleblowers who expose breaches of European Union law will be afforded greater protection from retaliation by companies and public authorities under a draft law proposed by the European Commission in April 2018. The draft Directive protects those who report violations of competition, public procurement, and data protection rules, as well as misdeeds such as money laundering and tax evasion.
The proposal comes in the wake of a series of tax avoidance cases triggered by whistleblowers, such as the LuxLeaks case where two former accounting firm employees received six-month suspended prison sentences for leaking data about Luxembourg’s tax deals with large corporations.
Protections for Whistleblowers
To encourage and safeguard the reporting of misconduct, the draft Directive establishes safe channels both within organizations and to Member States’ public authorities. Companies with over 50 employees or with an annual turnover of over €10 million will be required to establish internal procedures to handle reports by whistleblowers. Companies will have a duty to protect whistleblowers from any type of reprisal, including lay-offs, suspensions, transfers of duties, and disciplinary or financial penalties. In judicial proceedings, whistleblowers will be exempted from liability for breaching restrictions on the disclosure of information imposed by contract or by law.
Minimum Standards
The draft Directive sets out a minimum standard of whistleblower protection, but EU Member States may very well introduce provisions more favorable to whistleblowers.
Data Protection
Companies must ensure that the implementation of whistleblowing schemes complies with EU data protection law, including the General Data Protection Regulation.
Looking ahead
The draft Directive is pending adoption by the EU Parliament and the Council, and is anticipated to become applicable in 2021. Implementing effective whistleblower protection across the EU will require authorities and EU legislators to carefully balance the discovery of misdeeds with protecting whistleblower’s personal data and safeguarding companies’ trade secrets.
______________________________________________________________________________
To make sure you do not miss out on regular updates of the Kluwer Competition Law Blog, please subscribe to this Blog.
________________________
To make sure you do not miss out on regular updates from the Kluwer Competition Law Blog, please subscribe here.
In April SEC fined Altaba Inc., formerly Yahoo Inc., $35 million over its handling of a 2014 hack, marking the first time the SEC penalized the victim of a breach. The law is going to incentivize people inside an organization to step forward and disclose wrongdoings, and SEC is taking the issues of cybersecurity seriously. This will put pressure on companies to be more careful about how they deal with potential tipsters.