The EU’s Whistleblowing Directive is supposed to protect whistleblowers comprehensively – but its strict implementation might do just the contrary: The protection of reporting persons would end up shattered and remain insufficient. Neither national security whistleblowers such as Edward Snowden nor persons reporting sexual offences would be protected under the Directive’s provisions – to name only two protection gaps. Therefore, a “1:1 implementation” as discussed by the German Government is the wrong way. Quite contrary the implementation of the Directive should be seen as a chance to enact a comprehensive and all-encompassing national whistleblowing regulation.
The Directive’s material scope should be widened in the implementation process
At present two ways of implementing the Directive (EU) 2019/1937 “on the protection of persons who report breaches of Unions law” are discussed in the Member States. One proposal, especially considered in Germany, is called a “1:1 implementation” (this approach is part of the German coalition agreement between the CDU/CSU and SPD parties at least for some areas of the law, see p. 64). The national legislator would basically copy and paste the Directive’s material scope. We strongly reject this approach and plea for a comprehensive solution by widening the scope generally to any breach of law (including breaches of employment contracts). This would be in line with the aim of the Directive and the demand towards the Member States to develop a “comprehensive and coherent whistleblower protection framework” (recital 5).
In contrast to the Directive’s clear and comprehensive personal scope which ranges from the private to the public sector, its material scope is rather narrow and complex. To be protected as a whistleblower, defined in the Directive as a “reporting person,” one needs to disclose a breach of EU law as listed in Article 2 and in the Annex on almost ten pages. This scope is narrow because it includes only some areas of EU law. The Annex refers to roughly 150 EU legislative acts, while presently 11889 EU Regulations and 1350 Directives are in force. Naturally, the Directive does not cover breaches of national law, for example issues of national security or criminal law where the EU has no competence. Thus, a national security whistleblower like Edward Snowden or the less famous Constantin Bucur who blew the whistle on surveillance abuses by the Romanian Intelligence Service would not fall within the Directive’s scope. The same holds true for whistleblowers who report crimes, unless the crime constitutes a breach of EU law to which the Directive refers, such as corporate tax evasion or fraud affecting the financial interests of the EU.
Nevertheless, business associations and parties in the Member States argue in favour of a “1:1 implementation”, simply because the national legislator is not obliged to widen the scope. They further argue that it would go too far to grant protection to civil servants in the area of national security under the Directive because of the sensitive nature of national security.
These arguments are not convincing and presently, as far as we know, no scholar supports the idea of a “1:1 implementation.” From a legal angle, it is hardly arguable that the implemented Directive should be restricted to certain areas of EU law and not cover other areas of EU and national law. In many cases it would be a cumbersome process to estimate whether a whistleblower is protected under the Directive because he or she needs to find out whether the misconduct constitutes a breach of EU law covered by the Directive, “only” a breach of other EU law, or “only” a breach of national law. A whistleblower who is probably not a legal expert will, in many cases, not be able to unravel this mystery. Due to these uncertainties, chilling effects are likely to occur as employees may abstain from their right to blow the whistle. Therefore, a “1:1 implementation” would lack clarity and certainty in the described cases. Furthermore, compliance officers will need more time to reliable determine if a reporting falls within the Directive’s scope and consequently the workload for companies with internal reporting channels will increase.
Even more compelling is the argument that a “1:1 implementation” will unfoundedly lead to different regimes of protection in a single Member State, depending on whether they are protected under “old” national whistleblowing laws or fall under the scope of the newly implemented Directive. This is because according to the provisions of the Directive a whistleblower can choose whether he or she blows the whistle internally or externally to the authorities, and only public disclosures are bound to additional requirements. However, according to a common approach stemming from national legislations of certain Member States, a whistleblower is generally obliged or at least strongly encouraged to disclose information internally before he or she can take further steps such as reporting to the authorities or making a public disclosure. Thus, some whistleblowers will be protected by the Directive’s provisions and can freely choose whether to report internally or externally, while others who report breaches of other legislation not covered by the Directive, e. g. human rights, cannot rely on the same level of protection. In many cases a rational reason will be absent to justify why a whistleblower should not be protected by the more whistleblowing-friendly provisions of the Directive. Consequently, scholars have raised the question whether the right to equality before the law can be guaranteed with a “1:1 implementation.” It seems hardly justifiable that a person reporting a breach of EU law concerning animal health is protected under the provisions of the Directive, while he or she would not be protected under the Directive when reporting about ill treatment of old people in the care sector. The same holds true for reporting a breach of the General Data Protection Regulation (protected under the Directive) in comparison with reporting sexual offences (not protected under the Directive).
Further, we encourage the Member States to develop legislation covering national security whistleblowing. Otherwise the legal protection of whistleblowers like Katherine Teresa Gun, Frank Søholm Grevil, Edward Snowden, and Chelsea Manning will remain insufficient and uncertain. These prominent cases particularly demonstrate the eminent public interest in disclosing misconduct such as deception of the public, mass surveillance, and other abusive practices. This is also the stance the ECtHR took when ruling in Bucur and Toma v. Rumania, that punishment of national security whistleblowers who disclosed information about abusive surveillance practices by the Romanian Intelligence Service violated freedom of expression. Additionally, the Parliamentary Assembly of the Council of Europe recommends establishing national security whistleblower protections in its Resolution 1954 (2013), referring to the Tshwane Principles CoE Member States should consider (see also Resolution 2060 (2015) para. 4).
Therefore, they should no longer ignore the national security blind spot and initiate genuine discussions on this matter. The last thorough debate that led to substantial legal reform of state secrecy law in Germany is more than 50 years old, long before freedom of information acts came into force. Seven years after Snowden’s surveillance revelations and in the light of the pending implementation of EU’s Whistleblowing Directive, it is about time to deliberate the subject in depth. Especially the more backward Member States, like Germany, should seize the moment to develop a comprehensive whistleblower protection legislation. After all, it is clear that a “1:1 implementation” would miss this point and would not be an acceptable solution. On the contrary, this approach would create legal uncertainty and trigger chilling effects. One of the major keys to avoid this scenario and grant clarity, certainty, and equality before the law for all involved parties, is the extension of the material scope to generally any breach of the law.