Whistleblower protection

Whistleblower protection safeguards people who report certain types of misconduct. In this case, a ‘whistleblower’ is a person who, in the course of their work, discovers a breach of European Union or national law concerning public procurement, financial services, food safety, or consumer protection, for example, and reports the breach via a reporting channel. Reporting these breaches is important in order to prevent threats and serious harm to the public interest.

Whistleblower protection allows people to safely report breaches without having their identity compromised. The whistleblower’s identity is treated as non-disclosable information in the subsequent processing of their report. 

Whistleblower protection is based on Act on the Protection of Persons Reporting Infringements of European Union and National Law (the Whistleblower Act) and the EU Directive on whistleblower protection.

Whistleblower protection prohibits retaliation against whistleblowers. For example, an employer may not worsen a whistleblower’s terms of employment, dismiss them, or lay them off because of their report.

General requirements for receiving whistleblower protection

  1. At the time of the report, the whistleblower must have a legitimate reason to believe that the information concerning the breach is true.
  2. The information concerning the breach must fall within the scope of the Whistleblower Act.
  3. The whistleblower must be reporting a breach they have discovered in the course of their work.

What kinds of breaches may be reported?

Breaches of European Union or national law may be reported, if they

  • are punishable offences
  • may result in a penalty fee, or
  • may seriously endanger the realisation of the public interest.

Reports may be filed about breaches in certain sectors:

  • Public procurement (excluding defence and security spending)
  • Financial services, products, and markets
  • Prevention of money laundering and terrorist financing
  • Product safety and conformity
  • Traffic safety
  • Environmental protection
  • Radiation and nuclear safety
  • Food and feed safety and animal health and welfare
  • Public health (as defined in Article 168 of the Treaty on the Functioning of the European Union)
  • Consumer protection
  • Privacy and personal data protection
  • Network and information systems security.

In addition, the following may be reported:

  • Violations of rules concerning European Union fund management or expenditure implementation or European Union income or fund collection
  • Violations of rules concerning the granting, use or recovery of grants or state aid
  • Violations of competition rules
  • Violations of tax rules for businesses and corporations or arrangements made to obtain a tax advantage
  • Violations of legislation enacted to protect consumers.

As an exception to the scope of application, the Act does not apply to violations of the Medicines Act with regard to a private person bringing their personal medication into a country, social welfare service housing and 24-hour service housing, certain provisions of the Act on the Medical Use of Human Organs, Tissues and Cells, and certain provisions of the Act on Cross-Border Health Care.  

Exceptions to the scope of application of section 2, subsection 2 of the Whistleblower Act

Intentionally reporting false information is a punishable act and may result in liability for damages.

Who can receive whistleblower protection?

The Whistleblower Act provides protection for people who report breaches they have discovered in the course of their work.

The whistleblower may be

  • an employee or public servant
  • a self-employed person
  • a shareholder
  • a member of the board of a corporation or foundation or the managing director
  • a volunteer worker, or
  • a trainee.

A whistleblower may also report a breach that occurred during the negotiations preceding their hiring or in the course of an employment relationship that has ended.  A report may be filed even if the negotiations did not result in the person being hired.

In addition, the protection extends to persons who assist the whistleblower in their reporting or are connected to the whistleblower and risk post-report retaliation because of their work or station.  This person could be, for example, a shop steward, trusted representative, health and safety representative or other employee representative, or the whistleblower’s contractual partner, colleague or relative.

Who receives the reports?

The Prime Minister’s Office established an internal whistleblowing channel for the ministries on 1, April 2023. People employed by the ministries have access to the internal whistleblowing channel. Others, such as retired public officials or people employed by partners, may submit a report regarding the activities of the ministry that they have observed in the course of their work and that fall within the scope of the Whistleblower Act using the centralised external reporting channel of the Office of the Chancellor of Justice. The Office of the Chancellor of Justice forwards the reports it receives through its reporting channel to the competent authority, who investigates the report and takes the necessary measures. 

Processing of personal data

Personal data is processed in connection with the tasks laid down in the Whistleblower Act. The controller may process data only if the processing is necessary for the purpose of the Act.

Data Protection in the Ministry of Justice 

Reporting

Centralised external reporting channel