On 16 December 2019, Directive 2019/1937 on the protection of persons who report breaches of Union law, also known as the “Whistleblower Directive”, came into force. This Directive aims to provide minimum protection across the EU to whistleblowers who raise breaches of EU law in a work-related context. Whistleblowers must be protected from any form of retaliation, such as suspension, lay-off, discrimination and demotion, and should be offered advice, effective assistance from the competent authorities and legal assistance.
Belgium was meant to transpose the Whistleblower Directive by 17 December 2021. As Belgium did not meet this deadline, the Commission started an infringement procedure and sent a letter of formal notice to Belgium on 27 January 2022. Upon receipt of a letter of formal notice, Member States have two months in which to take the necessary measures. If they fail to do so, the Commission may send a reasoned opinion.
Following the letter of formal notice, the Belgian Council of Ministers approved a draft act transposing the Whistleblower Directive for the private sector on 25 February 2022. The draft act covers a wide range of breaches that can be reported, including breaches relating to consumer protection, privacy and personal data protection, cybersecurity, tax and social security fraud, public procurement, product safety, environmental protection and tax evasion.
A whistleblower will be protected if (i) he or she has reasonable grounds to believe that the information regarding a breach was true at the time of reporting, (ii) such information is covered by the act and (iii) he or she has reported the breach internally within the organisation or externally with the competent supervisory authority, or has made a public disclosure. Organisations in the private sector with 50 or more employees have to establish procedures for employees to report information about breaches. Internal reporting is to be encouraged but cannot be imposed. External reporting channels to the competent authorities also have to be in place.
With respect to the transposition for the public sector, a draft decree covering whistleblower protection within the Flemish government and local administrations was published by the Flemish Government on 17 December 2021. The Flemish Supervisory Commission for the Processing of Personal Data and the Association of Flemish Cities and Municipalities have issued their advice on the draft decree. The draft also needs to be negotiated with the social partners and submitted to the Council of State.
We will keep you updated about future developments.
Please contact Karel Janssens for further information about this topic and/or for general advice relating to privacy and data protection.