Pamukkale Üniversitesi İşletme Araştırmaları Dergisi (Jun 2023)

Cybersecurity Whistleblower Protection: A Comparison of the US and the EU Approaches

  • Özlü Dolma

DOI
https://doi.org/10.47097/piar.1281937
Journal volume & issue
Vol. 10, no. 2
pp. 615 – 631

Abstract

This study compares the laws in the United States and the European Union that protect cybersecurity whistleblowers from employer retaliation. The two regimes show both similarities and differences in the scope of the laws, the definition of “retaliation,” and the reporting procedures a whistleblower must follow to be eligible for legal protection. In the US, no federal anti-retaliation statute directly addresses cybersecurity whistleblowing, but whistleblowers may still be protected when they disclose cybersecurity-related violations of laws falling within the scope of protected activity under the current laws. In the EU, Directive (EU) 2019/1937 directly protects employees who report breaches falling within the scope of the EU acts, including the protection of privacy and personal data and the security of network and information systems. The two approaches also differ concerning the confidentiality of the reporting person’s identity. This study provides a brief foundation for understanding how the US and EU approaches differ in providing legal protection against retaliation for whistleblowers.

Keywords