Saturday 19 October 2019

Jeffrey Greene: 'New EU whistleblower protection plan will put more onus on the private sector'

Public interest: Cambridge Analytica whistleblower Christopher Wylie. Photo: Getty Images
Public interest: Cambridge Analytica whistleblower Christopher Wylie. Photo: Getty Images

Jeffrey Greene

Early last week, the European Parliament and EU members states reached provisional agreement on new rules that, if formally approved, would guarantee high levels of protection for whistleblowers right across the EU. This is the culmination of considerable work by the European Commission since early 2017.

The commission put forward two main reasons for this new legislation.

Firstly, the public interest served by whistleblowers, with specific reference to the important part played by whistleblowers in recent high-profile matters such as 'Dieselgate' (Volkswagen), the Panama Papers and Cambridge Analytica.

Secondly, the fact that whistleblower protection across the EU is uneven, with many countries protecting only very limited categories of disclosures or workers. Ireland, though, can already hold its head high in this regard.

Our legislation, the Protected Disclosures Act 2014 (as amended), has been widely commended for its high level of whistleblower protection.

Although an amendment in 2018 to protect the disclosure of trade secrets has reduced protection in certain situations, nevertheless many of the provisions of the proposed EU directive are already in place and/or do not require a mindset change, as will be required in other member states.

The draft directive seeks to protect whistleblowers who reveal breaches of EU laws and thus will widen the scope of what is currently protected in Ireland. At present, a whistleblower in Ireland is protected if he/she makes a "protected disclosure", meaning a disclosure relating to certain stated grounds such as the commission of an offence, health and safety, misuse of public money and damage to the environment.

The scope of the proposed directive goes much further and would include breaches relating to money laundering, corporate tax laws, food, product and transport safety, environmental protection, public procurement, data protection, consumer protection, nuclear safety and public health.

Interestingly, it is reported that Ireland sought for tax issues to be excluded from this list, but this was strongly resisted by other member states, and ultimately tax has been retained as a ground for a protected disclosure.

The commission's research estimates that the implementation of the directive could result in huge potential savings, including a potential saving of up to €9.6bn annually under the heading of public procurement alone across the EU.

At the moment, Irish legislation only requires public bodies to have whistleblowing procedures. Although it is highly recommended that private sector companies do so also, it is not obligatory.

The directive would change this and would require private sector entities to put in place such procedures if they have more than 50 employees, or an annual turnover or balance sheet of more than €10m, or if it is a private entity of any size in the area of financial services.

A "tiered reporting system" is proposed: whistleblowers will be encouraged to report any breaches internally first.

The test for protection is whether the whistleblower "has reasonable grounds to believe that the information reported was true" and the information falls within the scope of the directive, but this test will not be unfamiliar to Irish employers.

Alternatively, whistleblowers may report through a nominated external channel in certain circumstances.

Finally, a "public disclosure", such as to the media, is protected if certain tests are met.

Again though, Ireland's legislation already provides for a not dissimilar "stepped disclosure" regime, so this concept will not be new to Irish employers.

It remains to be seen whether whistleblowers can remain anonymous; the current Irish legislation allows for anonymity but with numerous exceptions.

The directive is starker and simply states that whistleblowing procedures in a company must "ensure the confidentiality of the identity of the reporting person", but it does not provide for exceptions.

It is doubtful that this is workable in practice.

There is also protection for whistleblowers in the directive from "retaliation", including dismissal.

Again, the Irish legislation already possesses such a concept and heavy penalties for employers who breach it, but importantly the directive states that the burden of proof should be reversed in such cases.

Therefore, it would be for the business to prove that it was not acting in retaliation against the whistleblower, rather than the whistleblower having to prove his/her case.

This would differ from the existing Irish whistleblowing legislation, but the concept would be well-known to Irish employers considering the Irish Unfair Dismissals Acts does the same thing in the context of employee dismissals generally.

The directive does not set out penalties and enforcement mechanisms but leaves this to member states.

Considering the heavy penalties in Ireland already (up to five years' remuneration for an employee dismissed for making a protected disclosure), it would be surprising if the Government changed existing penalties and protections radically.

The European Parliament's first reading vote is expected on April 17. If ultimately approved, member states are usually given three years to implement into their national laws.

While the directive will massively change whistleblowing protections in many member states, it will not be as ground-breaking in Ireland due to the strength and scope of our existing whistleblower protections.

However, there will be additional requirements on many private sector employers, and it is worth employers starting their preparations sooner rather than later.

Jeffrey Greene is a partner in the Employment & Benefits Group of William Fry Solicitors

Irish Independent

Also in Business