The Whistleblower Directive in a nutshell
The main principles of the Whistleblower Directive are as follows:
- The Whistleblower Directive has a very broad scope of application. It applies to whistleblowers reporting breaches of Union law, such as public procurement, financial services, money laundering, terrorist financing, product safety, transport safety, environmental protection, radiation protection, food and feed safety, animal health and welfare, public health, consumer protection, data privacy, etc.
- The personal scope of application is not limited to civil servants but also covers, without being exhaustive, employees, self-employed individuals and board members.
- Legal entities in the private sector employing at least 50 employees have the obligation to establish internal reporting channels. Individuals can also report breaches of Union law to an external reporting channel.
- The identity of a whistleblower cannot be disclosed, apart from certain exceptions (e.g. if such disclosure is deemed necessary and proportionate in the context of (judicial) proceedings)
- Data should be processed in accordance with the GDPR.
- Member States are required to take all necessary measures to prohibit any form of retaliation against whistleblowers.
Belgian implementation of the Whistleblower Directive in an employment context…What to expect?
- It remains to be seen how the Belgian legislator will implement the Whistleblower Directive.
The Belgian legislator might implement a protection regime that is based on or similar to the dismissal protection applying to employees who have filed a request for a formal psychosocial intervention relating to a situation of violence, moral harassment or unwanted sexual behaviour at work.
In short, this situation would mean that an employer could not subject a whistleblowing employee to any retaliation measure (including a dismissal), subject to the risk of the whistleblowing employee filing a request for reinstatement or the employer being ordered to pay a lump-sum protection indemnity of 6 months’ salary (or higher damages if proven).
If such “mirror”-protection is implemented, then it is likely that this protection will only apply to whistleblowing employees and not by analogy applied to whistleblowing individuals with another status (e.g. self-employed individuals). It remains to be seen how the Belgian legislator will cope with this situation and whether indeed different protection regimes would apply according to the status of the whistleblowing individual. If different protection regimes would apply, in which the protection of certain statuses would be more far-reaching than for others (e.g. the protection for employees would be more favourable than the protection for self-employed individuals), then the risk of an unequal treatment case before the Constitutional Court cannot be excluded.
- The obligation to establish an internal reporting channel only applies to legal entities employing at least 50 employees. In Belgian employment legislation, headcount thresholds are often evaluated at the level of the technical business unit and not at the level of the legal entity. When several legal entities each employ less than 50 employees but together constitute a technical business unit employing 50 employees, there is, according to the Whistleblowing Directive, no obligation to establish an internal reporting line.
- It remains to be seen which role will be allocated to the employee representative bodies (which in Belgium are established at the level of the technical business unit) when setting-up an internal reporting channel and related procedures as the Whistleblowing Directive provides that this will be done “following consultation and in agreement with the social partners”.
- The fact that the identity of a reporting person cannot be disclosed is, among others, contrary to the recommendation of the Data Protection Authority (former Privacy Commission) of 29 November 2006. In this recommendation, it advised against a whistleblowing system based on anonymous notifications.
We expect that the Data Protection Authority will adjust its recommendation regarding whistleblowing systems and align its position with the Whistleblowing Directive (and its Belgian implementation measures).
The Whistleblower Directive is a minimum level directive and must be implemented within 2 years after it enters into force (which as of today’s date is not yet the case). Hence, the Belgian legislator still has some time and margin to develop rules that fit within the new European whistleblowing framework. As there is currently no general whistleblowing legislation in place in Belgium (if whistleblowing rules in Belgium do exist, then their scope is very limited and only covers particular sectors), implementing the Directive will be a challenging exercise.
We will monitor further developments closely and provide you with updates in the coming months.