Swiss court ruling strengthens privacy for email providers

Share this page

Since the founding of Proton in 2014, we have fought to advance privacy and freedom around the world. We do this not only through technology and advocacy (Proton has contributed over $500,000 toward defending these values around the world) but also through the courtroom. 

As part of these efforts, in May 2020, we launched a legal challenge against the Swiss government over what we believe to be an improper attempt to use telecommunications laws to undermine privacy. In a ruling this week, the Swiss Federal Administrative Court confirmed that email services cannot be considered telecommunications providers, and consequently are not subject to the data retention requirements imposed on telecommunications providers.

This comes on the heels of a Swiss Supreme Court ruling in April 2021 in a case brought by Threema (2C_544/2020) that ruled that instant messaging services are also not telecommunications providers. Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders.

The bigger picture

We have chosen Switzerland as our home because we believe it provides strong legal privacy protections. We will, however, continue to watch developments in Switzerland and other countries and, if necessary, adapt to ensure that our jurisdiction of incorporation offers our community the best possible privacy protection. 

We are also watching several promising developments in the EU. In April 2014, the Court of Justice of the European Union (CJEU) struck down the EU’s data retention directive, stating it disproportionately interfered with the right to privacy and protection of personal data. The judgment was later confirmed by the CJEU in October 2020(new window), striking down several national applications of the directive by Member States (C-623/17, C-511/18, C-512/18, C-520/18).

We are also supporting the challenge led by Swiss digital rights groups(new window) against Swiss data retention laws at the European Court of Human Rights(new window). Given the past legal precedent set by the CJEU in 2014 and its confirmation in 2020, there are strong indications that the ECHR will definitively strike down Switzerland’s metadata retention obligations on telecommunications providers.

While we continue to push the legal and policy frameworks in our community’s interest, ultimately, the best protection we can provide users is through the laws of mathematics, which are unyielding and unchanging. Today, the privacy by default provided by Proton’s products is derived primarily from our usage of zero-access encryption and end-to-end encryption. Going forward, we will continue to double down on encryption and are committed to increasing and strengthening our use of encryption to provide users with the best possible privacy protection.

The fight continues

While this is an important legal victory for Proton and Swiss privacy, our work does not end here. We will also continue to closely watch developments in both Switzerland and other countries, and adapt as necessary to ensure that our legal jurisdiction offers the best possible privacy protection to users. We expect there to be further attempts to force tech companies to undermine privacy in both Switzerland and abroad, and we are committed to continuing to challenge this through both our encryption technology and through the judicial system.

Your support makes this work possible, and for that we’re forever grateful.

Protect your privacy with Proton
Create a free account

Share this page

Proton Team

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

With over 33 million registered users and more than 100,000 business customers, LastPass is one of the world’s most popular password managers. After an escalating series of highly-damaging disclosures over the last few months, LastPass has now admitt
Email headers are the hidden part of emails containing vital information to identify and authenticate messages. Learn how to read them to spot spam and stay secure. Have you received an unexpected email from a strange address? Is it actually from so
The United States is notoriously weak on privacy laws. With its secret surveillance courts and all-powerful spy agencies, the US has many tools to collect data on people within its jurisdiction and beyond. Recently, that power has been used to prose
When you encrypt files on your computer, it’s like storing them in a vault: Only someone with the correct key can access them. That’s useful if you’re concerned about hackers stealing your most sensitive documents or companies scanning your data for
Two-factor authentication (2FA) is an extra layer of protection for online accounts that requires you to use more than just your username and password to log in.  With 2FA enabled, you can protect access to your online accounts even if your password
Internet users of a certain age might recall earlier days of personal computing, with stacks of labeled floppy disks or CDs lying around the office. Those have all but disappeared thanks to the widespread availability of cloud storage, which took off