


























Gabriel Wechta, NASK National Research Institute
The EU Whistleblower Directive aims to create a framework where the persons reporting breaches of EU law are protected against retaliation. In contrast to GDPR, it is mainly based on trust assumptions and not on the concept of privacy and security by design. As we are explicitly dealing with problems of unlawful behavior, this is a critical issue. In this paper, we analyze the role of pseudonymization, the main technical tool promoted in the GDPR, within the Whistleblower Directive. To see the real impact of the Directive, we analyze how these issues are reflected in the national law in Germany and Poland. We show that the current law does not take advantage of the opportunities given by pseudonymization and does not create a clear legal framework that can be converted to problem-relevant technical requirements. Even worse, it allows the Member States to ban anonymous reports. On the other hand, we show that so far, no pseudonymization tool developed within official ID management frameworks addresses all threats to reporting systems.
BibTeX
@misc{cryptoeprint:2026/937,
author = {Mirosław Kutyłowski and Gabriel Wechta},
title = {Pseudonymization and reporters’ protection by design in the {EU} whistleblower directive},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/937},
year = {2026},
doi = {https://doi.org/10.1093/cybsec/tyaf028},
url = {https://eprint.iacr.org/2026/937}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。