by Michal Pleticha
Whistleblowing is back in the spotlight, ready to ignite heated debates later this year. Why? The 17th of December 2021 marks the expiration of the transposition period of the EU Whistleblower Directive1. To put it simply, every EU Member State should have the effective law on the protection of whistleblowers by the end of this year, which means that the internal compliance systems of many public and private entities is about to change. Let’s have a closer look at the preparations in two EU countries, Germany and the Czech Republic who share the similar model of whistleblower protection: partial and fragmented.
In Germany, the approach of civil and labour courts was mostly shaped by the case-law of the European Court of Human Rights (ECHR), especially on the landmark decision with Heinisch v Germany2 in 2011 (balancing of employer and employees interests in a nursing home). Similarly, the Czech law does not provide explicit rules for whistleblower protection (with exception to civil service employees), and from a constitutional point of view, there is only one relevant case which appeared before the Constitutional Court in 2012 – Čistírna odpadních vod Pavlovice3 (balancing of public interest on protection of environment with duty of loyalty of employees).
To meet the requirements of the EU Whistleblower Directive, both countries are obviously in need of comprehensive regulation. The drafting work has been already done. In Germany, there is a draft called “Hinweisgeberschutzgesetz” 4 (further referred to as “HinSchG”) from the Ministry of Justice and Consumer Protection (BMJV). The HinSchG has not been scrutinised by the German government or parliament yet. In the Czech Republic, there is a draft called “Návrh zákona na ochranu oznamovatelů” 5 (further referred to as “ZOO”), also prepared by the drafters of the Ministry of Justice. The ZOO was already approved by the Czech government in January and scrutinised in the 1st reading by the House of Deputies a week ago.
Let me briefly compare some interesting aspects of these two drafts.
Both drafts are similarly structured, following the logic pattern of the EU Whistleblower Directive, starting with personal and material scope and definitions, then moving to the rules for internal and external channels, laying out the same rules for public disclosure, and closing with sanctions and penalties for non-compliance. From a general point of view, the HinSchG, seems to be more clearly organised and logically structured. The ZOO, on the other hand, is more straightforward and wider in scope.
Material scope of HinSchG and ZOO
Based on the interpretation of opening provisions (§2/(1)/1.), it seems that the HinSchG will be applicable on criminal offences which are punishable by fines – minor crimes, further on administrative offences and breaches of the EU laws in selected areas6, and other specific breaches of a financial nature. However, it leaves out serious crimes, which are obviously still supposed to be reported traditionally. In contrast to this, the ZOO permits reporting of all criminal offences (serious and minor ones), infringements, and breaches of the EU laws in selected areas6. As a result, the ZOO is wider in material scope, making it seemingly more comfortable for a whistleblower to report a wrongdoing through internal channels at a workplace, without actually having have to contact the Police or Prosecution Office. The authors of the ZOO admit that, in practise, it may happen that a crime is reported twice – first through the whistleblowing channel and then in a standard way, but they conclude that it is better to allow these overlaps rather than narrowing down the legal possibilities of reporting and discouraging the whistleblower7. This may work well with minor offences, but what would happen if there was a serious, extensive criminal activity, possibly involving the top management (e.g. similar to the Wirecard scandal 8), reported through an internal whistleblowing channel to a designated person (i.e. a person authorised to carry out an internal investigation)?
The ZOO presumes (§11/1/b) that the designated person would launch an internal inquiry, consisting of verification of claims from the whistleblower (e.g. in the form of questioning of fellow co-workers and colleagues, analysing documents etc.) and searching for evidence (witnesses, digital records etc.). There is no need to emphasise how socially sensitive it could become for a designated person to carry out these activities among his superiors or even top managers. Would a designated person suggest to press criminal charges as a remedial action in the end? That would undoubtedly depend on his position in a company, integrity, dedication, devotion to a job, and on the type of crime. He may discover during the internal inquiry that the reported wrongdoing actually falls within the scope of the specified crimes, which are mandatory to report, and a person who fails to report can be prosecuted9. Interestingly, unlike the German Criminal Code, the crime of bribery falls into this category under Czech criminal law.
Internal inquiries of this type may be easier to be executed in big entities with more than 250 employees, where employees actually don’t know each other that well. However, in medium-sized enterprises with 50 to 250 employees, in a closer working environment, it might be tricky. There is always the likelihood that information of something serious being internally investigated, leaks out during the inquiry or after it was communicated to the top management. Needless to say, it may turn the professional and personal life of a whistleblower, but also of a designated person, into a living hell and subsequently end his career, sometimes for good.
Therefore, if a designated person is to be chosen from employees, it should be someone who is able to withstand pressure, social isolation and “a sword of Damocles hanging above him”. All of which might come into play when the internal whistleblowing system is being tested by something serious. Admittedly, the authors of the ZOO tried to make it easier and attempted to remove the likely tensions by putting an employer under a threat of huge fines in case he interferes with competencies of a designated person10. However, the designated person still remains to be in an employment relationship and that might represent a big leverage over his activities. It should be either someone with strong backing from the managers or the unions, or someone from the outside. Actually, this may be a strong argument for outsourcing the internal whistleblowing system.
The described scenario may differ, of course, depending on various cultural, socio-economic, and legal conditions in the EU Member States. However, regarding the sensitive position of a designated person inside “the fire”, it may be not such an advantage to leave serious criminal offences within the material scope of the ZOO.
Based on this scenario, it seems that there might be a shortage of employees, willing to take on duties of a designated person after December 17th. How would this test of the internal whistleblowing system look like through the eyes of a prospective whistleblower who, given the seriousness of circumstances, would probably prefer staying anonymous?
Anonymous reports in HinSchG and ZOO
The authors of the HinSchG and the ZOO faced a very sensitive task: how to comply with the EU Whistleblower Directive and legitimise the possibility of anonymous whistleblower reports and, at the same time, make it the least visible in the text of the proposal in order to increase its chances of smooth passage through the Parliament?
The authors of the HinSchG mention the word “anonymous” in the normative text just once, in § 26/1, in the second sentence, which says that regarding the external whistleblowing channels: “there is no obligation to process anonymous reports”.
Their Czech counterparts went even further: the word “anonymous” is not mentioned in the normative text of the ZOO at all.
It does not mean that the issue of anonymity of whistleblowers is being overlooked. In both cases, it’s further elaborated in an Explanatory Memorandum. Generally speaking, an Explanatory Memorandum is a document, which usually accompanies a proposal through a legislative procedure (as its inseparable part). It seeks to explain the reasons of the proposed legislation, its goals and financial, legal and policy implications. For instance, the Explanatory Memorandum of the ZOO declares the following in several places regarding the internal and external whistleblowing: “it is possible to report anonymously in oral and written form” 11. However, when elaborating on § 26/1, the Explanatory Memorandum of the HinSchG openly states that “in order not to overload the new whistleblower protection system and to wait for the first experiences of both internal and external reporting offices, there is no obligation to process anonymous reports” 12.
What does the EU Whistleblower Directive say about anonymous reports? Article 6/2 and 3 makes it clear that it is actually up to the Member States to decide whether concerned entities in the private or public sector are required to accept and follow up on anonymous reports. However, those anonymous whistleblowers who are subsequently identified and suffer retaliation, should still qualify for the protection13.
If the Member States are entitled to choose their own way of dealing with anonymous reports, what is the difference between the HinSchG and the ZOO in this sense? The answer is essential.
The § 26/1 of the HinSchG which says that “there is no obligation to process anonymous reports” is part of the normative provisions. The ZOO does not mention the word “anonymous” among normative provisions, but there are several references to it – just in the Explanatory Memorandum of the ZOO11. It bears important legal consequences. To sum up:
HinSchG:
- § 26/1, second sentence, openly declares that anonymous reports in external whistleblowing channels can be rejected (as there is no obligation to process them), and since this clause is part of the normative provisions, it has a binding effect;
- The Explanatory Memorandum subsequently elaborates on this clause12, expanding the “no obligation” clause, even on internal whistleblowing channels;
- As a result, the decision to permit/reject anonymous reports is left to the management of the concerned private and public entities, which will be required to establish whistleblowing channels after December 17th14
ZOO:
- There is no clause on anonymous reports among normative provisions of the ZOO;
- The Explanatory Memorandum of the ZOO elaborates on anonymous reports at several places11 and permits them for both internal and external whistleblowing channels, but these statements still have no binding effect because they are placed outside the normative part of the ZOO;
- Even so, anonymous reports should not be rejected. But based on practical experience with the implementation of GDPR15, they may still be rejected frequently after December 17th because there is no legal obligation to permit them in the normative provisions of the ZOO. And employers do not read explanatory memorandums (either deliberately or out of negligence);
- In the end, it will be for the Constitutional Court to decide, whether it is lawful to reject or permit anonymous reports (which may take some time), laying down the binding rule on this issue.
Conclusion
Undoubtedly, the HinSchG and the ZOO represent the best, comprehensive and detailed legislative attempt to regulate whistleblowing thus far. Having its roots in the EU Whistleblower Directive, the transposition work of the ministerial drafters was precise and thorough. However, both proposals have something in common: the fear of anonymous whistleblowers.
With regard to the above-mentioned Article 6 of the EU Whitleblower Directive, both countries decided to take the advantage of choosing their own way of dealing with anonymous whistleblowers. The decision to permit/reject them was transferred to the management of the concerned public and private entities. Openly, in the binding normative provision of § 26/1 of the HinSchG (with further details in the Explanatory Memorandum) and covertly, just in the non-binding provisions of the ZOO’s Explanatory Memorandum.
This seemingly small difference in transposition of the Article 6 by the ZOO is capable of sending off a signal: “yes, you can use our new whistleblowing channels anonymously but we are not sure of it”. The ensuing confusion is inevitable.
All things considered, the final message of the ZOO to prospective Czech anonymous whistleblowers is: if you have something serious to say, for instance something similar to the Wirecard scandal8, do not get personally involved, contact a lawyer, tell him what you know, provide evidence, and for your own sake, stay away from these new whistleblowing channels after December 17th.
*1 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019L1937.
*2 https://hudoc.echr.coe.int/spa#{%22itemid%22:[%22001-105777%22]}.
*3 http://nalus.usoud.cz/Search/GetText.aspx?sz=3-298-12_1.
*4 https://www.whistleblower-net.de/wp-content/uploads/2021/02/2020_11_26-Referentenentwurf-Whistleblowing-BMJV-1.pdf.
*5 https://www.psp.cz/sqw/historie.sqw?o=8&t=1150.
*6 Breaches of the EU laws in areas laid down in Article 2/1./(a) of the EU Whistleblower Directive.
*7 Explanatory Memorandum of the ZOO, B. Zvláštní část, § 17, page 79.
*8 https://whistleblowersblog.org/2020/06/articles/features/the-wirecard-scandal-and-the-beauty-of-anonymous-whistleblowing/.
*9 “Failure to report crime“ according to § 368(1) of the Czech Criminal Code (Trestní zákoník) or Section 138 of the German Criminal Code (Strafgesetzbuch – StGB).
*10 Fine of up to 1 000 000,- CZK or 5 % of the annual turnover, according to § 26/1/(h) and § 26/3 of the ZOO.
*11 For instance here: Explanatory Memorandum of the ZOO, B. Zvláštní část, § 11 a §16, page 72 and 77.
*12 A. Allgemeiner Teil, II. Wesentlicher Inhalt des Entwurfs, 7. Keine verpflichtende Nachverfolgung anonymer Meldungen, page 31 and 32.
*13 Article 6/2 and 3, along with the Recital 34 of the EU Whistleblower Directive.
*14 § 12 and § 19, 20, 21 and § 22 of the HinSchG.
*15 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The author, Michal Pleticha is the Legal Counsel to the Head of the Supreme Audit Office Czech Republic (SAO).
