Proton

Why Switzerland? An analysis of Swiss privacy laws

No matter where you live in the world, whether you’re living under an authoritarian government or looking to break away from Big Tech surveillance, using Proton puts your data under the protection of Swiss privacy laws. We are often asked why Proton(nuova finestra) is based in Switzerland and whether there are real advantages to being a Swiss company.

This article explains the main privacy advantages of being a Swiss company, including these key benefits: 

  • Outside of US and EU jurisdiction: Swiss companies are not allowed to share information with foreign law enforcement under criminal penalty.
  • Politically neutral: Switzerland has a long history of neutrality, which shields us from pressure of foreign governments.
  • Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance.
  • Advanced infrastructure: Many other countries with strong privacy laws lack the IT infrastructure and talent pool required to reliably operate a major tech company like Proton. Switzerland has the best of privacy protections, infrastructure, and world-class human resources.

Switzerland is where the web and Proton were born

Proton’s roots(nuova finestra) are in Proton Mail(nuova finestra), which began at the European Organization for Nuclear Research (CERN) in Geneva, Switzerland, where many of our early team members worked together on particle physics experiments. CERN was also the research center where Sir Tim Berners-Lee invented the World Wide Web in 1991, which led to the internet as we know it (Sir Tim is now a member of Proton’s advisory board).

To benefit from Swiss jurisdiction, it is not sufficient to just have a mailbox there, as the government that has effective jurisdiction over a company is the one where an organization’s center of activity is. Switzerland is not just where we are incorporated, it is also the location of our headquarters, the majority of Proton’s leadership and board members, our main datacenter, and the country where we have the greatest number of employees. This is important because if a company was legally incorporated in Switzerland but has the majority of staff in the US, the US government would still effectively control that company. For Proton, Switzerland is not just the legal jurisdiction, but also the place of effective jurisdiction. 

Culture of neutrality and strong individual rights

Switzerland’s political culture of neutrality, discretion, and personal freedom is well-suited for privacy. 

Unless you host your servers on a boat in international waters, you must be under some legal jurisdiction. Choosing one is particularly important because, as the Lavabit example(nuova finestra) shows, local laws can have an existential impact on the service. In Lavabit’s case, their US jurisdiction proved to be fatal.

Given that we serve people with highly sensitive privacy and security requirements from around the world, Switzerland has the advantage of being a neutral location outside of US, EU, and NATO jurisdiction. Swiss neutrality means that Switzerland is not a party to any binding intelligence-sharing agreement, such as the Five Eyes, Nine Eyes, or Fourteen Eyes agreements(nuova finestra) or the NATO intelligence programs(nuova finestra).

Legal differences between Switzerland and other countries

Switzerland has strong legal protections for individual rights, and in fact the Swiss Federal Constitution(nuova finestra) explicitly establishes a constitutional right to privacy. (In the US, this right is merely implied.) Specifically, Article 13 safeguards privacy in personal or family life and within one’s home, and the Swiss Civil Code(nuova finestra) translates this right into statutory law in Article 28.

In the US and EU, authorities can issue gag orders to prevent an individual from knowing they are being investigated or under surveillance. While this type of order also exists in Switzerland, the prosecutors have an obligation to notify the target of surveillance, and the target has an opportunity to appeal in court. In Switzerland, there are no such things as national security letters(nuova finestra), and all surveillance requests must go through the courts. Warrantless surveillance, like that practiced in the US where the FBI conducts 3.4 million searches per year(nuova finestra) with little oversight, is illegal and not permitted in Switzerland.

Switzerland also benefits from a unique legal provision with Article 271 of the Swiss Criminal Code(nuova finestra), which forbids any Swiss company from assisting foreign law enforcement, under threat of criminal penalty. While Switzerland is party to certain international legal assistance agreements, all requests under such agreements must hold up under Swiss law, which has much stricter privacy provisions. All foreign requests are assessed by the Swiss government, which generally does not assist requests from countries with poor rule of law or lack an independent judiciary.

Swiss law has several more unique points. First, it preserves end-to-end encryption, and unlike in the US, UK, or EU, there is no legislation that has been introduced or considered to limit the right to encryption. Second, Swiss law protects no-logs VPN(nuova finestra) meaning that Proton VPN does not have logging obligations. While numerous VPNs claim no-logs, these claims generally do not stand up legally because in most jurisdictions, governments can request that the VPN in question starts logging. So the VPN is only no-logs until the government asks. However, in Switzerland, the law does not allow the government to compel Proton VPN to start logging.

Recent court rulings enhance Swiss privacy

We’ve also fought to ensure that Switzerland remains a legal jurisdiction that respects and protects privacy. 

Nearly every country in the world has laws governing lawful interception of electronic communications for law enforcement purposes. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA), which was last revised on March 18, 2018. In May 2020, we challenged a decision of the Swiss government over what we believed was an improper attempt to use telecommunications laws to undermine privacy. 

In October 2021, The Swiss Federal Administrative Court ultimately agreed with us and ruled that email companies cannot be considered telecommunication providers(nuova finestra). This means Proton isn’t required to follow any of the SPTA’s mandatory data retention rules, nor are we bound by a full obligation to identify Proton Mail users. Moreover, as a Swiss company, Proton Mail cannot be compelled to engage in bulk surveillance on behalf of US or Swiss intelligence agencies(nuova finestra).

Additional privacy through encryption

While Proton benefits from strong legal protections within Switzerland, we have also built in technological safeguards against surveillance, such as utilizing end-to-end encryption(nuova finestra).

We do not possess the keys required to decrypt users’ emails, calendar events, files, photos, login details, and many kinds of metadata. Even emails between non-Proton Mail accounts cannot be decrypted on our servers thanks to our use of zero-access encryption(nuova finestra). As a result, even if Proton were forced to turn over all our computer systems, your email contents, items in cloud storage, calendar events, and other data would continue to be encrypted.

These technical safeguards are the strongest privacy protections because unlike national laws, the laws of mathematics cannot be changed or altered.

Multi-layered privacy protection

Neither legal protections nor technical protections on their own are sufficient to protect privacy. Even the strongest technical protection can fail because technology is developed by people who are subject to the laws of the country in which they reside. 

We believe comprehensive security can only be achieved through a combination of technology and legal protections, and Switzerland provides the optimal combination of both. Because of Switzerland’s advanced IT infrastructure and its unique legal environment, Proton can deliver a service that is both reliable and secure.

For more information about requests for information made to Proton from Swiss authorities, please view our Transparency Report(nuova finestra).

Articoli correlati

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Aggiornamenti dei prodotti
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.