The European Commission has just published its long awaited draft whistleblower directive, which is the first step towards establishing a common standard for whistleblower protection across the EU.

Although the importance of the role whistleblowers play is better appreciated in Europe than almost anywhere else, and there have been international commitments to protect whistleblowers at the Council of Europe and G20, there is a surprising lack of effective legal protections in many countries. Germany, for one, still lacks any kind of whistleblower protection law.

Inconsistent protection is one problem, but some European countries have banking secrecy laws that unfairly penalise financial whistleblowers. This was brought into sharp relief by the LuxLeaks revelations, which showed how the government in Luxembourg was allowing large multinationals to avoid tax, to the detriment of other EU member states. LuxLeaks whistleblower Antoine Deltour is still appealing his criminal conviction.

It was LuxLeaks, together with the recognition that Trades Secrets legislation presents a new danger to whistleblowers, that brought together the campaign for EU-wide whistleblower protection. Following a resolution from the European Parliament in late 2017 calling on it to act, we can now see how the European Commission has responded to that campaign.

What we think

Courage welcomes the draft directive, the final version of which will become legally binding across the European Union. It is a stronger document than many expected. Nevertheless, we think the success of the draft ultimately has to be judged in whether it will ensure future Antoine Deltours can come forward without being put in legal jeopardy. We still need to be convinced that protections for truthtellers who go to the press are strong enough for that to be the case.

We would have liked the draft directive to recognise that systematic issues are never going to be served well by internal channels, that not all public interest disclosures come from within organisations and that one of the best ways of protecting truthtellers is by enabling them to maintain their anonymity. Nevertheless, this is undeniably an important move forward and we congratulate all those involved in the campaign for EU-wide whistleblower protections for getting us this far.

Understanding the draft directive

The main focus of the draft directive is on providing internal channels for workers (including contractors, traineees volunteers and shareholders) to report wrongdoing, including wrongdoing that falls short of breaches of the law. The draft directive offers nothing to the truthtellers who act from outside the organisations they are blowing the whistle on.

For workers, there is some scope for disclosure to external regulators where truthtellers “could not reasonably be expected to use internal reporting channels in light of the subject-matter of the report” or “had reasonable grounds to believe that the use of internal reporting channels could jeopardise the effectiveness of investigative actions”.

We welcome the obligation placed on employers and public bodies to establish internal channels for whistleblowers acting from within organisations, but it is important to acknowledge these will never be able to work for everyone, particularly those whose concerns are about patterns of behaviour or systemic policies.

The right to go to the media without repurcussions or employer retaliation is more limited than we would like to see. Truthtellers are expected to have tried internal channels or external regulators first unless in cases of “imminent or manifest danger for the public interest, or to the particular circumstances of the case”. How this is implemented will be important; a whistleblower should not have to prove the existence of an “imminent or manifest” danger.

The draft includes protections from prosecution and employer retaliation for those making protected disclosures, which we welcome. It does not make provision for anonymous reporting, which is an important source of protection for truthtellers.

The directive takes in a broad range of EU activities. That includes a whole host of important areas, such the financial interests of the EU, product safety, environmental protection, public health and nuclear safety. This also means that the protection of personal data and the security of computer networks will be covered by these protections, which we welcome.

EU competencies do not include important areas like national security, human rights and national health and education systems. These by definition are not covered by the draft directive. Other areas – including policing, borders and trade agreements – which the EU does cover are also not included in this draft. The European Commission is calling on member states to implement the recommendations of the Council of Europe in these areas.

Finally, the draft invites member states to provide statistics on the number of reports made to the relevant authorities, the number of investigations initiated and resolved and the estimated financial costs recovered as a result of whistleblower action.

What happens next?

The European Commission’s proposal will now be reviewed by the European Council (made up of the heads of government of EU member states) and the elected European Parliament, both of which can make amendments. Once a directive is finalised, EU member states are obliged to pass their own laws to put the directive into effect in national law. There’s a long way to go before we get there and we will keep you updated on developments.