ProtonBlog

Why Switzerland? An analysis of Swiss privacy laws

No matter where you live in the world, whether you’re living under an authoritarian government or looking to break away from Big Tech surveillance, using Proton puts your data under the protection of Swiss privacy laws. We are often asked why Proton(new window) is based in Switzerland and whether there are real advantages to being a Swiss company.

This article explains the main privacy advantages of being a Swiss company, including these key benefits: 

  • Outside of US and EU jurisdiction: Swiss companies are not allowed to share information with foreign law enforcement under criminal penalty.
  • Politically neutral: Switzerland has a long history of neutrality, which shields us from pressure of foreign governments.
  • Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance.
  • Advanced infrastructure: Many other countries with strong privacy laws lack the IT infrastructure and talent pool required to reliably operate a major tech company like Proton. Switzerland has the best of privacy protections, infrastructure, and world-class human resources.

Switzerland is where the web and Proton were born

Proton’s roots(new window) are in Proton Mail(new window), which began at the European Organization for Nuclear Research (CERN) in Geneva, Switzerland, where many of our early team members worked together on particle physics experiments. CERN was also the research center where Sir Tim Berners-Lee invented the World Wide Web in 1991, which led to the internet as we know it (Sir Tim is now a member of Proton’s advisory board).

To benefit from Swiss jurisdiction, it is not sufficient to just have a mailbox there, as the government that has effective jurisdiction over a company is the one where an organization’s center of activity is. Switzerland is not just where we are incorporated, it is also the location of our headquarters, the majority of Proton’s leadership and board members, our main datacenter, and the country where we have the greatest number of employees. This is important because if a company was legally incorporated in Switzerland but has the majority of staff in the US, the US government would still effectively control that company. For Proton, Switzerland is not just the legal jurisdiction, but also the place of effective jurisdiction. 

Culture of neutrality and strong individual rights

Switzerland’s political culture of neutrality, discretion, and personal freedom is well-suited for privacy. 

Unless you host your servers on a boat in international waters, you must be under some legal jurisdiction. Choosing one is particularly important because, as the Lavabit example(new window) shows, local laws can have an existential impact on the service. In Lavabit’s case, their US jurisdiction proved to be fatal.

Given that we serve people with highly sensitive privacy and security requirements from around the world, Switzerland has the advantage of being a neutral location outside of US, EU, and NATO jurisdiction. Swiss neutrality means that Switzerland is not a party to any binding intelligence-sharing agreement, such as the Five Eyes, Nine Eyes, or Fourteen Eyes agreements(new window) or the NATO intelligence programs(new window).

Legal differences between Switzerland and other countries

Switzerland has strong legal protections for individual rights, and in fact the Swiss Federal Constitution(new window) explicitly establishes a constitutional right to privacy. (In the US, this right is merely implied.) Specifically, Article 13 safeguards privacy in personal or family life and within one’s home, and the Swiss Civil Code(new window) translates this right into statutory law in Article 28.

In the US and EU, authorities can issue gag orders to prevent an individual from knowing they are being investigated or under surveillance. While this type of order also exists in Switzerland, the prosecutors have an obligation to notify the target of surveillance, and the target has an opportunity to appeal in court. In Switzerland, there are no such things as national security letters(new window), and all surveillance requests must go through the courts. Warrantless surveillance, like that practiced in the US where the FBI conducts 3.4 million searches per year(new window) with little oversight, is illegal and not permitted in Switzerland.

Switzerland also benefits from a unique legal provision with Article 271 of the Swiss Criminal Code(new window), which forbids any Swiss company from assisting foreign law enforcement, under threat of criminal penalty. While Switzerland is party to certain international legal assistance agreements, all requests under such agreements must hold up under Swiss law, which has much stricter privacy provisions. All foreign requests are assessed by the Swiss government, which generally does not assist requests from countries with poor rule of law or lack an independent judiciary.

Swiss law has several more unique points. First, it preserves end-to-end encryption, and unlike in the US, UK, or EU, there is no legislation that has been introduced or considered to limit the right to encryption. Second, Swiss law protects no-logs VPN(new window) meaning that Proton VPN does not have logging obligations. While numerous VPNs claim no-logs, these claims generally do not stand up legally because in most jurisdictions, governments can request that the VPN in question starts logging. So the VPN is only no-logs until the government asks. However, in Switzerland, the law does not allow the government to compel Proton VPN to start logging.

Recent court rulings enhance Swiss privacy

We’ve also fought to ensure that Switzerland remains a legal jurisdiction that respects and protects privacy. 

Nearly every country in the world has laws governing lawful interception of electronic communications for law enforcement purposes. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA), which was last revised on March 18, 2018. In May 2020, we challenged a decision of the Swiss government over what we believed was an improper attempt to use telecommunications laws to undermine privacy. 

In October 2021, The Swiss Federal Administrative Court ultimately agreed with us and ruled that email companies cannot be considered telecommunication providers(new window). This means Proton isn’t required to follow any of the SPTA’s mandatory data retention rules, nor are we bound by a full obligation to identify Proton Mail users. Moreover, as a Swiss company, Proton Mail cannot be compelled to engage in bulk surveillance on behalf of US or Swiss intelligence agencies(new window).

Additional privacy through encryption

While Proton benefits from strong legal protections within Switzerland, we have also built in technological safeguards against surveillance, such as utilizing end-to-end encryption(new window).

We do not possess the keys required to decrypt users’ emails, calendar events, files, photos, login details, and many kinds of metadata. Even emails between non-Proton Mail accounts cannot be decrypted on our servers thanks to our use of zero-access encryption(new window). As a result, even if Proton were forced to turn over all our computer systems, your email contents, items in cloud storage, calendar events, and other data would continue to be encrypted.

These technical safeguards are the strongest privacy protections because unlike national laws, the laws of mathematics cannot be changed or altered.

Multi-layered privacy protection

Neither legal protections nor technical protections on their own are sufficient to protect privacy. Even the strongest technical protection can fail because technology is developed by people who are subject to the laws of the country in which they reside. 

We believe comprehensive security can only be achieved through a combination of technology and legal protections, and Switzerland provides the optimal combination of both. Because of Switzerland’s advanced IT infrastructure and its unique legal environment, Proton can deliver a service that is both reliable and secure.

For more information about requests for information made to Proton from Swiss authorities, please view our Transparency Report(new window).

Protégez votre vie privée avec Proton
Créer un compte gratuit

Articles similaires

en
Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
en
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
en
  • Vie privée, les fondamentaux
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
en
  • Vie privée, les fondamentaux
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
en
  • Vie privée, les fondamentaux
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Les fuites de données sont de plus en plus courantes. Lorsque vous vous inscrivez à un service en ligne, vous fournissez des informations personnelles précieuses pour les pirates, telles que des adresses e-mail, des mots de passe, des numéros de télé