domenica, Luglio 21, 2024

Right to respect for private life and whistleblowing

Premessa: tale scritto, a cura di Valeria Tranchini, fa parte del Legal Research Group di ELSA Napoli intitolato “Right to private life: challenges and perspectives” organizzato da ELSA Napoli e curato da Francesco De Santis (professore di diritto processuale civile e procedure di tutela internazionale dei diritti umani presso il Dipartimento di Giurisprudenza dell’Università di Napoli “Federico II”).

Summary: 1. Introduction. 2. International framework. 3. EU Directive 2019/1937. 3.1. Internal reporting. 3.2. External reporting. 3.3. Protection of the persons who report breaches. 3.4. Transparency International Italia’s Policy Paper 1/2019. 4. Impact of Whistleblowing on Human Rights: the right to respect for private life. 4.1. The balance between the right to respect for private and family life and the right to freedom of expression. 5. Concluding remarks

  1. Introduction

During the last decades, whistleblowing has become a topic of interest for academics, politicians and practitioners. In some Countries, whistleblowing legislation dates back more than a hundred years and it can fairly be said that it is likely that the kind of behaviour which is now classified as whistleblowing exists since the beginning of human civilization. Only in recent years it has been identified as a potential weapon against corruption, mismanagement, and general noncompliance with legal obligations by a broader public[1].

The term whistleblowing signifies the action of reporting an improper or unethical conduct or the commission of an offence of which the person, known as whistleblower, becomes aware during the fulfilment of the employment relationship. In other words, a whistleblower releases secret information to a third party with the aim to prevent or stop a wrongdoing or grievance[2]. Organizations, whether governmental or private, rely on individuals, particularly employees, to bring to their attention information on actual or potential misconduct that may be occurring in the workplace, that otherwise could go undetected. Therefore, it is generally accepted that whistleblowers qualify as a vital source of human intelligence[3].

However, the origin of the expression “whistleblowing”, is still uncertain. -Some believe that the word refers to the practice of British policemen blowing their whistle when they noticed a crime being committed, in order to alert other policemen and, more broadly, the community. Others believe it refers to the foul whistled by the referee during sports match. In both cases, the goal is to stop an action and call attention to it.

The topic is of particular interest because whistleblowing is one of the most effective ways to identify irregular and unlawful conduct in an organization, such as commercial and financial crimes. Whistleblower protection is essential to encourage the reporting of unlawful conduct.

Some legislation provides for a reward system to compensate whistleblowers for their reporting. Aside from that, what can really incentivize people to do this is comprehensive legislation that protects them against retaliation of any kind.

This article will address the international and EU frameworks especially the EU Directive 2019/1937 on the protection of persons who report breaches of EU law. It will also go through Transparency International Italia’s Policy Paper 1/2019, which addresses both the favourable and the improvable points of the Directive. Lastly, this article will try to explain the close link between whistleblowing and the fundamental right to respect for private life, and how the latter needs to be balanced with the freedom of expression.

  1. International framework

There are countless international conventions that have covered this topic. According to a chronological analysis of the most relevant ones, the first was the one promoted by the Organization for Economic Co-operation and Development (OECD), known as the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, adopted in 1997. It introduced deeply innovative provisions, considering that previously corruption of foreign public officials did not constitute a crime in almost all the OECD Countries.

The Council of Europe, then, pursued this same path with the adoption of two conventions that lay down norms on the contrast of corruption in criminal and civil law. The first one, the Criminal Law Convention on Corruption, entered into force in 2002. Corruption is identified as a strong threat to the rule of law, to democracy, and to the moral foundations of the society. The Convention established that each State adopts national measures in order to recognize as crimes corruption both in the public and in the private sectors, misappropriation, money laundering, accounting crimes in the field of corruption and the guilt by association in all of the aforementioned crimes. The States Parties must activate measures and effective sanctions, including for example pecuniary sanction or deprivation of liberty following extradition.

The second one, the Civil Law Convention on Corruption, entered into force in 2003. The aim of this Convention is to strengthen international cooperation for the fight against corruption, recognized as a strong threat to economic development and the proper functioning of markets. It is divided into three parts: the first deals with compensation and precautionary measures to protect the parties offended by corruptive practices; the second one highlights the importance of cooperation between the States Parties about notifications of documents, obtaining evidence and recognition of foreign judgements, bearing in mind that control over the implementation of such provisions is under the responsibility of GRECO[4]. The third part consists of the final clauses, whose clarifications aim at reinforcing the application of the Convention provisions.

The last treaty to worth the attention is the United Nations Convention against Corruption (UNCAC), also known as Merida Convention, named after the Mexican city in which it was opened for signature, which entered into force in 2005. Notably, the Convention in question is marked by a preventive approach. Specifically, the text proposes institutional mechanisms, such as the creation of a specific anticorruption body, codes of conduct and policies conducive to good governance, the rule of law, transparency, and responsibility. It should be noted that the Convention highlights the important role of civil society, in particular of non-governmental organizations and initiatives at a local level, and it invites States Parties to actively encourage the participation of public opinion and the raising of its awareness of the problem of corruption.

Article 33 of the Merida Convention, headed Protection of reporting persons, states that that:

“Each State Party shall consider incorporating into its domestic legal system appropriate measures to provide protection against any unjustified treatment for any person who reports in good faith and on reasonable grounds to the competent authorities any facts concerning offences established in accordance with this Convention.”

Interestingly, Article 9 of the aforementioned Civil Law Convention on Corruption, headed Protection of employees, provides that

“Each Party shall provide in its internal law for appropriate protection against any unjustified sanction for employees who have reasonable grounds to suspect corruption and who report in good faith their suspicion to responsible persons or authorities.”

Even if these provisions result very similar at first sight, these are very different in substance, since the one enshrined in the Merida Convention only contains a recommendation for the States, while the one from the Council of Europe Convention obliges States Parties to implement an ad hoc regime. Moreover, the Merida Convention refers to the protection of persons who reports allegations of corruption without specifying the context, while the Civil Law Convention on Corruption narrows its scope of application to the protection of employees who report alleged acts of corruption discovered within the working context. However, the United Nations Convention against Corruption is the only legally anti-corruption instrument with both a universal and binding nature. It represents a strong response to a transnational problem, through its mandatory provisions and wide-ranging approach[5].

Moving back to the specific topic of the present paper, whistleblowers generally report on corruption, fraud, intimidation, violation of health regulations or safety standards, cover-ups, and discriminatory behaviour. All the international studies on corruption deem whistleblowing as an important tool to prevent and contrast this phenomenon, since the relevant information regarding the crime or violation emerge from within the environment in which the violation has occurred. This means that such information is more complete and more accurate, especially considering that, in comparison with other categories of crimes, third parties find it harder to become aware of corruption crimes and to denounce them.

This kind of behaviour is of significance not only for judiciary purposes, but also for ethical ones, which is not of less importance. The creation of a code of conduct within the employees, in order to contrast unlawfulness, permits to avoid a detrimental type of solidarity, which becomes conspiracy of silence.

  1. EU Directive 2019/1937

The most recent and significant reference to whistleblowing can be found in the EU Directive 2019/1937 on Whistleblowing[6]. The Directive outlines its material scope by an exhaustive list of fields in which protection rules are enacted with regards to persons who report unlawful behaviours or abuse of law. Specifically, these are public contracts, financial services, prevention of money laundering and terrorist financing, product safety, transport safety, environmental protection, nuclear safety, food and feed safety and animal health and welfare, public health, consumer protection, privacy and personal data protection, and network and information systems security. This list also includes some articles of the Treaty on the Functioning of the European Union (TFEU)[7].

The ratione personae scope is another innovative element of the Directive, since it extends the category of persons protected. The Directive applies to employees both in the public and in the private sector, who acquire information about violations committed in the working environment. The safeguard is even wider than those exposed until now: the Directive not only applies pending the contractual relationship, but also before it begins, in cases where the relevant person acquires the information during the selection process or other phases of the dealing prior to the conclusion of the contract[8].

Moreover, the Directive applies to a vast number of potential whistleblowers, including persons who are not a part of a traditional contractual relationship, including consultants, contractors, volunteers and, as just mentioned, even candidates for a job position.

Legal entities of the private and public sector must set up the tools needed to report through the establishment of internal reporting channels and procedures, and the follow-up phase. Other subjects in contact with the entity for reasons of their professional activity must also be allowed to report, but the use of internal reporting channels is not mandatory for these categories of people. Article 4 of the Directive specifies which categories of the private and of the public sectors are mandated for these requirements. In particular, the public sector subjects are the administration of the State, the administration and regional services, the municipalities constituted by more than 10,000 inhabitants, and other subjects of public law.

The distinction between internal and external reporting should be emphasized. Internal reporting is the communication of information on violations within public or private legal entity, while the external reporting consists in the communication of information on violations to the competent authorities. This distinction is relevant for the purposes of the reporting procedure and the subsequent phase.

3.1.      Internal reporting

The procedures for internal reporting consist of several elements. First of all, it is necessary to have proper channels for receiving reports. These channels must be planned, carried out and managed to guarantee the secrecy of the identity of the person reporting, and to block the access to the unauthorized personnel. Such channel must enable reporting in writing or orally. The second element is the designation of a competent person or service to pursue the reports, and a diligent follow-up of the report by such a person or service. The third element is a reasonable time, not exceeding three months after the report, to give feedback to the reporting[9].

Finally, the procedures for internal reporting must provide clear and easily accessible information on the procedures and the terms and conditions under which the reporting persons may avail themselves of the external reporting procedure[10] – i.e., the ones done before the competent authorities, including institutions, bodies, offices or agencies  of the European Union..

3.2.      External reporting

Concerning the external reporting procedure, Member States designate the competent authorities to receive and manage reports, and provide them with adequate resources to carry out their duties. Moreover, Member States must ensure that any authority which receive a report but is not empowered to address the breach thereby submitted transmits the report to the competent authority, with consequent notice to the reporting party.

In order to treat properly the information provided by the reporting person, the authorities under consideration will have to establish external reporting channels with the following features: independence, autonomy, safety and confidentiality. Moreover, they will have to give a reply to the reporting person on the follow-up given to the report within a reasonable term not exceeding three months or up to six months in duly justified cases.

Then, they will transmit the information contained in the report to the competent bodies and organizations of the European Union for further investigations, if required by domestic law or European Union law. Therefore, Member States have to check the efficient performance of these tasks by the competent authorities, including the obligation to communicate to the reporting persons the outcome of their investigations. The reporting methods are similar to the internal ones, with the difference that the direct meeting takes place with the personnel of the competent authority, which has the task of supplying the person involved with the information on reporting procedures, of receiving the reports and following its course, and of maintaining contact with the whistleblower to keep the person informed of the developments and the outcome of the investigations.

3.3.      Protection of the persons who report breaches

Chapters IV and V of the Directive[11] focus on the protection of reporting persons and others involved to a certain extent in the situation in question. whoReporting persons benefit from such safeguards provided that they have reasonable grounds to believe that the reported information was true at the time of reporting and that this information falls within the scope of the Directive itself.

There are additional conditions for the person to benefit from this protection. The first one exists when the subject has resorted to the procedures of internal reporting, but no follow-up has been prepared by the reasonable time referred to in Article 5[12], or when the channels of internal reporting were not accessible to the reporting person or when he or she was aware of their availability. Second, protection is provided when the reporting person had reasonable grounds to believe that the breach may constitute an imminent or manifest danger for the public interest, or where there is a situation of emergency or a risk of irreversible damage.

In case of external reporting, protection is ensured whether “there is a risk of retaliation or there is a low prospect of the breach being effectively addressed, due to the particular circumstances of the case, such as that evidence may be concealed or destroyed or that an authority is in collusion with the perpetrator of the breach or involved in the breach”.

Chapter VI[13] outlines protection measures. Article 19 lists the threats and attempts to retaliation, against which the Member States should take both direct and indirect necessary measures, such as, among others, suspension, lay-off, dismissal, transfer of duties, change of location of place of work, reduction in wages, change in working hours, discrimination and unfair treatment.

Once the Member State has identified the form of retaliation to be contrasted, the question turns on the ways in which Member States may effectively protect reporting persons threatened by retaliatory actions. Actions meant to ensure effective protection are enshrined in article 20, entitled Measures of support. The reporting persons and the ones to some extent involved in the situation in question must fully enjoy the right to an effective remedy, to an impartial judge, the presumption of innocence, and the rights of defense, including the right to be heard and the right to access the file, in compliance with the Charter of Fundamental Rights of the European Union. These also enjoy the protection of identity, if it is not known to the public and as long as investigations are ongoing[14].

Member States shall provide for effective, proportionate and dissuasive penalties applicable to natural or legal persons who obstruct or attempt to obstruct reporting, that adopt retaliatory measures against the reporting persons, who raise vexatious proceedings against persons reporting and/or violate the obligation of confidentiality on the identity of reporting persons. The Directive envisages further effective, proportionate, and dissuasive sanctions. These are applicable to persons who make malicious or unfounded reports or disclosures, including measures that compensate those who have suffered a prejudice from such reports or disclosures.

Since such Directive involves the processing of personal data, it provides for the application of the regulation (EU) 2016/679 and the Directive (EU) 2016/680. Exchange or transmission of information between competent authorities at EU level must comply with Regulation (EC) 45/2001. The personal data that are not relevant for the treatment of a specific case are immediately deleted.

3.4.      Transparency International Italia’s Policy Paper 1/2019

Transparency International Italia’s Policy Paper 1/2019[15] is clear on key points of the Directive. There are many favorable points, but there are still many aspects that need improvement. Member States may refine such aspects during the process of implementation into domestic legislation with the view of ensuring effective protection to all whistleblowers, in line with international standards and best practice.

Among these aspects, first of all the material and personal scopes need certainly to be broadened. In Transparency International’s opinion, the Directive’s material scope needs to be extended as much as possible, in order to include all the areas under European Union law, including violations of workers’ right. The personal one should be widened so as to cover all natural and legal persons at risk of retaliation as consequence of whistleblowing, to the ones connected to whistleblowers – such as colleagues, relative and employers –, to the ones believed or suspected to be a whistleblower, to the ones who intended to make a whistleblowing report but were discouraged to make a formal report, and to the civil society organizations assisting whistleblowers.

Moreover, all the public bodies should undergo the obligation to adopt internal reporting procedures. The Association proposes to apply this obligation to all public bodies at national, regional and local level, based on the institution’s size. This should also include public bodies at EU level.

Then, in all contexts, the identity of whistleblowers should be protected in a more complete and effective way, also through a specific protection system within the internal procedures of reporting. In any case, at a later stage, the proposed Directive should specify that whistleblowers have access to full compensation covering all consequences of the report, both direct and indirect, by means of economic and non-economic resources. It should have a non-comprehensive list of the types of remedies available.

Lastly, the Association claims that anonymous reports should be accepted. According to the Association, a report should not be discarded as anonymous, but should be taken into load if sufficiently detailed. Moreover, protection should be provided to whistleblowers who report anonymously, but whose identity is discovered at a later time. The provision of effective methods for protecting whistleblowers’ identity would entail a decrease of anonymous reports, which, as stated above, cannot be disregarded by the recipient.

Transparency International proposes greater protection of confidentiality. This not only concerns the name of the reporting person, but also any other information that could lead to his/her identification. For example, the legislation should take into consideration narrow working contexts, where it is much easier to trace it. Protecting the identity of the whistleblower is the core aspect of whistleblowing legislation, and, therefore, it would require more detailed provisions on the protection of confidentiality. So, the provision should specify all the identifying information in addition to identity, which should apply to anyone who learns the identity of the whistleblower, and a clear and precise list of exceptions to the obligation of confidentiality.

The same Position Paper further propose to strengthen the shifting of the burden of proof. Informants face difficulties in proving that they suffered discrimination due to their reporting. On the contrary, institutions not only have greater contractual strength, but they also have a procedure to document their actions as well as an easier access to witnesses. The Directive provides incomplete underpinning the shifting of the burden of proof. The whistleblower must prove that the discrimination constitutes retaliation for reporting, therefore he or she has to demonstrate the casual link between the two events. Furthermore, the shifting of the burden of proof applies only to legal proceedings, i.e. excluding internal and administrative proceedings. In Transparency International Italy’s opinion, the directive should establish the shifting of the burden of proof, providing only two conditions: having reported a breach and having suffered a discrimination.[16]

  1. Impact of Whistleblowing on Human Rights: the right to respect for private life

Whistleblowers who report breaches face a high personal risk, suffering both professional and personal consequences. Under the first point of view, whistleblowers often lose their jobs and further career prospects, for example through displacement or the assignment to a lower job profile. In addition to this, they also undergo harassment and legal persecution, with annexed financial trouble, together with harmful implications in their personal spheres. Indeed, reprisals often are not directly addressed to whistleblowers directly, but to their closest persons.

All of these retaliatory practices – which may consist in injury to the reputation or even in threats or violence – could integrate a violation of Article 8[17] of the European Convention on Human Rights, which guarantees the right to respect for private life, family life, the home and the correspondence – such as letters, telephone calls and emails.

Courts have interpreted the concept of “private life” very broadly, up to cover the right to determine one own’s sexual orientation, lifestyle and the way individuals look and dress. The concept of private life also covers the right to develop one own’s personal identity and to forge friendships and other relationships, including economic, social, cultural and leisure activities. This clearly means that the media and others may be prevented from interfering in another person’s life, and that personal information should be kept securely and should not be shared without permission, except in certain exceptional circumstances – such as protecting national security or the right and freedoms of other people, or preventing disorder or crime.

4.1.      The balance between the right to respect for private and family life and the right to freedom of expression

The right to respect for private and family life may conflict with Article 10[18] of the European Convention on Human Rights, which sets forth the right to freedom of expression. This latter includes the right to freely express opinion, views, ideas and to seek, receive and impart information[19]. The Court has addressed a number of cases concerning the balance between these two bordering fields and has found out that, as a matter of principle, the right guaranteed under these two articles deserve equal compliance. The Court has specified that, where the right to freedom of expression needs to be balanced with the right to respect for private life, the relevant criteria in the balancing process include the general interest of the object of the disclosure, the subject of the report, and the content of the information.

The conduct of the whistleblower imposes a delicate balance between the need to ensure the preliminary information at the beginning of sanctioning activities and the need to guarantee the rights of the reported persons, who must have access to all the material used against them.  This latter need also stems from Article 6 of the European Convention on Human Rights, which sets forth the right to a fair trial.  Article 6, paragraph 3, letter (b) guarantees that everyone charged with a criminal offence enjoys a set of minimum rights, including adequate time and facilities for the preparation of his or her defense.

Clearly, it is difficult to find a good balance between the expectations of confidentiality of the reporter – who must certainly not suffer from retaliation for having reported crimes with the aim to protect the collective interest – and the right to access to be granted to the reported person.

The Italian Court of Cassation, in the first judgement on whistleblowing following the entry into force of the Law No. 179 of 30 November 2017, held that the protection of the identity of the reporter is not absolute. According to the Italian legislation,both in criminal and in disciplinary proceedings the guarantees of respect for confidentiality may fall if the knowledge of the whistleblower’s identity is absolutely necessary for the defense of the accused person.

  1. Concluding remarks

The previous Section meant to of explore the intimate correlation between whistleblowing and the right to respect for private life. First of all, the main link between the two is the fact that, pursuant to the Directive (EU) 2019/1937, respect for private life and protection of personal data, as fundamental rights under Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, are two of the various areas in which whistleblowers may help to report breaches that may harm the public interest.

Moreover, the consequences of reporting must not be underestimated in terms of social impact on private life in a twofold sense: the whistleblower’s perspective and the reported person’s one. Firstly, the whistleblower’s private life is negatively affected by his decision to report, as the people around him, starting from his work colleagues, may see him in a different light (that of a spy), if employees in the workplace have not been adequately trained on the importance and on the culture of information.

Secondly, the reported person is also greatly affected by the report, as the authorities, in order to investigate the relevant allegations, have to go into details that often involve the reported person’s private life. It is necessary to address the need to protect the reported person’s private life, by guaranteeing protection both in the pre-litigation phase and in the trial phase. If the report proves to be unfounded, it is necessary to avoid damage to his or her image. If it proves to be well-founded, there is still a risk of disclosure of personal data which are not strictly related to the professional role in which the offence was committed, which also needs to be absolutely avoided.

It should be noted that in many Countries, the term whistleblower is associated with spy, traitor, informer, all of which have a negative connotation. This is the result of years of authoritarian regimes, where secret service networks existed. By way of example, during the era of the Soviet Union, people provided the authorities with information, often in secret, about neighbors, work colleagues, and even family members.

As a common feature of dictatorial regimes characterized by a system of deprivation of the most basic human rights, law violations and unfair measures are commonplace and are used to investigate more effectively the possible onset of clandestine opposition, in order to identify more accurately any potential agitators and dissenters, and in any case to discourage subversive aggregations by spreading the fear of omnipresent secret bodies. These are usually organizations created within a military or police corps, directly managed by the government and presenting many structural and organizational analogies with the secret services – of which they are sometimes a counterpart.

Therefore, it is easy to imagine how complex the affirmation of an institution such as Whistleblowing was, and to what extent still is, , in a system in which reporting of information would have entailed, as a consequence, a severe repression against the subject who was the target of the disclosure. Mistrust is the first reason why the legislation on whistleblowing is often very late. The fear of reprisals combined with the lack of legal protection, the sense of futility, and the historical backgrounds deter those who want to blow the whistle, whether in the public or private sector. Certainly, with the synergy between the intervention of the legislator and the work of non-governmental organizations, mistrust can be broken down, raising awareness in the institutions and in the citizens on the public utility of this institution and the need to protect those who “blow the whistle”.

It is necessary that the public authorities perceive the importance of this relatively new institution. They are the ones who can implement the legislation on this topic, and spread its usefulness, encouraging those who fear retaliatory behaviours that often follows an act not only of legality, but of social justice. Commitment must come from them, in order to stimulate the consciences of citizens to live and act justly, where legality is the rule.


[1] Forst G., Thüsing G., “Whistleblowing – A Comparative Study“, Springer, Switzerland, 2016

[2] Refer to footnote 1.

[3] International Bar Association – Legal Policy & Research Unit and Legal Practice Division, “Whistleblower Protections: A Guide“, April 2018

[4] The acronym stands for “Groupe d’États contre la Corruption”. The GRECO aims to strengthen their members’ ability to fight corruption by monitoring their compliance with the anti-corruption standards of the Council of Europe, through an evaluation process and mutual pressure. This approach allows to identify any shortcomings in national policies, pushing States to promote legislative and institutional reforms.

[5] Compare with the official website of the United Nations Office on Drugs and Crime: .

[6] Legislative train:

  • October 24th 2017: European Parliament resolution in order to adopt a directive on whistleblowing;
  • April 23rd 2018: publication of the European Commission’s proposal about a directive on whistleblowing;
  • November 20th 2018: approval by the European Parliament legal affairs committee;
  • April 16th 2019: approval by the European Parliament;
  • October 23rd 2019: official adoption of the Directive by the Council of the European Union;
  • December 16th 2019: entry into force of the EU Directive 2019/1937;
  • December 2021: deadline for the implementation of the Directive by the Member States into domestic law.

The Member States need to implement the provisions contained in the directive within May 15th 2021.

[7] Article 2 – Material scope:

“1. This Directive lays down common minimum standards for the protection of persons reporting on the following breaches of Union law:

(a) breaches falling within the scope of the Union acts set out in the Annex (Parts I and Part II) to this Directive as regards the following areas:

(i) public procurement;

(ii) financial services, products and markets and prevention of money laundering and terrorist financing

(iii) product safety;

(iv) transport safety;

(v) protection of the environment;

(vi) radiation protection and nuclear safety;

(vii) food and feed safety, animal health and welfare;

(viii) public health;

(ix) consumer protection;

(x) protection of privacy and personal data, and security of network and information systems.

(b) breaches affecting the financial interests of the Union as defined by Article 325 TFEU and as further specified in relevant Union measures;

(c) breaches relating to the internal market, as referred to in Article 26(2) TFEU, including breaches of the competition and State aid rules, and as regards acts which breach the rules of corporate tax or arrangements whose purpose is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.

2.This Directive is without prejudice to the possibility for Member States to extend protection under national law as regards areas or acts not covered by paragraph 1.”

[8] Article 4- Personal scope: “1. This Directive shall apply to reporting persons working in the private or public sector who acquired information on breaches in a work-related context including, at least, the following:

(a) persons having the status of worker, within the meaning of Article 45(1) TFEU, including civil servants;

(b) persons having the status of self-employed, within the meaning of Article 49 TFEU;

(c) shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees;

(d) any persons working under the supervision and direction of contractors, subcontractors and suppliers.

  1. This Directive shall apply to reporting persons also where they report or disclose information acquired in a work-based relationship which has since ended. 3. This Directive shall also apply to reporting persons whose work-based relationship is yet to begin in cases where information concerning a breach has been acquired during the recruitment process or other precontractual negotiation. 4. The measures for the protection of reporting persons set out in Chapter IV shall also apply, where relevant, to

(a) facilitators,

(b) third persons connected with the reporting persons and who may suffer retaliation in a work-related context, such as colleagues or relatives of the reporting person, and

(c) legal entities that the reporting persons own, work for or are otherwise connected with in a work related context.”

[9] Refer to the European Directive, Chapter II – Internal Reporting and Follow-up of Reports (Article 7 – Reporting through internal channels: Article 8 – Obligation to establish internal channels; Article 9 – Procedures for internal reporting and follow-up reports).

[10] Refer to the European Directive, Chapter III – External Reporting and Follow-up of Reports (Article 10 – Reporting through external channels; Article 11 – Obligation to establish external reporting channels and to follow-up on reports; Article 12 – Design of external reporting channels; Article 13 – Information regarding the receipt of reports and their follow-up; Article 14 – Review of the procedures by competent authorities).

[11] Refer to the European Directive, Chapter IV – Protected Disclosures (Article 15 – Public disclosures).

[12] Article 5 – Conditions for protection of reporting persons: “1. Persons reporting information on breaches falling within the areas covered by this Directive shall qualify for protection provided that:

(a) they had reasonable grounds to believe that the information reported was true at the time of reporting and that the information fell within the scope of this Directive;

(b) they reported internally in accordance with Article 7 and externally in accordance with Article 10, or directly externally or publicly disclosed information in accordance with Article 15 of this Directive.

  1. Without prejudice to existing obligations to provide for anonymous reporting by virtue of Union law, this Directive does not affect the power of Member States to decide whether private or public entities and competent authorities shall or shall not accept and follow-up on anonymous reports of breaches. 3. Persons who reported or publicly disclosed information anonymously but were subsequently identified shall nonetheless qualify for protection in case they suffer retaliation, provided that they meet the conditions laid down in paragraph 1. 4. A person reporting to relevant institutions, bodies, offices or agencies of the Union on breaches falling within the scope of this Directive shall qualify for protection as laid down in this Directive under the same conditions as a person who reported externally.”

[13] Refer to the European Directive, Chapter VI – Protection Measures (Article 19 – Prohibition of retaliation; Article 20 – Measures of support; Article 21 – Measures for the protection against retaliation; Article 22 – Measures for the protection of concerned persons; Article 23 – Penalties; Article 24 – No waiver of rights and remedies).

[14] European Commission, Proposal for a Directive of the European Parliament and of the Council on the

protection of persons reporting on breaches of Union law, 2018/0106.

[15] See Transparency International Italia’s official website, at:

[16] European Data Protection Supervisor, “Guidelines on processing personal information within a whistleblowing procedure“, 2016

[17] Article 8 – Right to respect for private and family life: “1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

[18] Article 10 – Freedom of expression: “1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises. 2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.”

[19] See Guja v. Moldova: Case number: No. 14277/2004. Date of decision: February 12, 2008, para. 97: “Being mindful of the importance of the right to freedom of expression on matters of general interest, the right  of civil servants and other employees to report illegal conduct and wrongdoing at their place of work, the duties and responsibilities of employees towards their employers, and the right of employers to manage their staff – and having weighed up the other different interests involved in the present case – the Court comes to the conclusion that the interference with the applicant’s right to freedom of expression, in particular his right to impart information, was not “necessary in a democratic society” .Accordingly, there has been a violation of Article 10 of the Convention. See Global Freedom of Expression, Columbia University, Guja v. Moldova, verifiable at:; Council of Europe, Whistleblowers and their freedom to impart information – Guja v. Moldova n° 14277/04, May 2017.

Lascia un commento