Glossary
Confidentiality
The legal obligation to protect the identity of a whistleblower and any third party named in a report. EU Directive 2019/1937 Article 16 prohibits disclosure beyond authorised staff and persists after the case closes. Disclosure is permitted only with the reporter's consent or where required by national law in criminal or judicial proceedings.
Full definition
Article 16 of EU Directive 2019/1937 imposes a strict confidentiality obligation: the identity of the reporter, and of any third party mentioned in the report, must not be disclosed to anyone beyond the authorized members of staff. The obligation persists even after the case is closed. Disclosure is only permitted (i) with the reporter's express consent, or (ii) when required by national law in the context of criminal investigations, judicial proceedings, or to safeguard the rights of defence. Breach of confidentiality is itself a sanctionable act.
Related terms
- Anonymous Reporting A report submitted without revealing the reporter's identity to the organisation. EU Directive 2019/1937 Article 6(2) leaves the obligation to accept anonymous reports to member-state discretion, and most EU countries (Germany, France, Italy, Spain, the Netherlands) permit it. Anonymous reports that lead to a finding of breach trigger the same protections as named reports.
- GDPR Regulation (EU) 2016/679, the General Data Protection Regulation, governs processing of personal data of EU residents. Whistleblowing channels process personal data of the reporter, the person reported on, and third parties named in the report. Key articles: Art. 6 (legal basis), Art. 5 (minimisation), Art. 9 (special categories), Art. 17 (erasure), and Art. 30 (records).