Since the founding of Proton in 2014, we have fought to advance privacy and freedom around the world. We do this not only through technology and advocacy (Proton has contributed over $500,000 toward defending these values around the world) but also through the courtroom.
As part of these efforts, in May 2020, we launched a legal challenge against the Swiss government over what we believe to be an improper attempt to use telecommunications laws to undermine privacy. In a ruling this week, the Swiss Federal Administrative Court confirmed that email services cannot be considered telecommunications providers, and consequently are not subject to the data retention requirements imposed on telecommunications providers.
This comes on the heels of a Swiss Supreme Court ruling in April 2021 in a case brought by Threema (2C_544/2020) that ruled that instant messaging services are also not telecommunications providers. Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders.
The bigger picture
We have chosen Switzerland as our home because we believe it provides strong legal privacy protections. We will, however, continue to watch developments in Switzerland and other countries and, if necessary, adapt to ensure that our jurisdiction of incorporation offers our community the best possible privacy protection.
We are also watching several promising developments in the EU. In April 2014, the Court of Justice of the European Union (CJEU) struck down the EU’s data retention directive, stating it disproportionately interfered with the right to privacy and protection of personal data. The judgment was later confirmed by the CJEU in October 2020(nouvelle fenêtre), striking down several national applications of the directive by Member States (C-623/17, C-511/18, C-512/18, C-520/18).
We are also supporting the challenge led by Swiss digital rights groups(nouvelle fenêtre) against Swiss data retention laws at the European Court of Human Rights(nouvelle fenêtre). Given the past legal precedent set by the CJEU in 2014 and its confirmation in 2020, there are strong indications that the ECHR will definitively strike down Switzerland’s metadata retention obligations on telecommunications providers.
While we continue to push the legal and policy frameworks in our community’s interest, ultimately, the best protection we can provide users is through the laws of mathematics, which are unyielding and unchanging. Today, the privacy by default provided by Proton’s products is derived primarily from our usage of zero-access encryption and end-to-end encryption. Going forward, we will continue to double down on encryption and are committed to increasing and strengthening our use of encryption to provide users with the best possible privacy protection.
The fight continues
While this is an important legal victory for Proton and Swiss privacy, our work does not end here. We will also continue to closely watch developments in both Switzerland and other countries, and adapt as necessary to ensure that our legal jurisdiction offers the best possible privacy protection to users. We expect there to be further attempts to force tech companies to undermine privacy in both Switzerland and abroad, and we are committed to continuing to challenge this through both our encryption technology and through the judicial system.
Your support makes this work possible, and for that we’re forever grateful.
