
Why Switzerland? An analysis of Swiss privacy laws

No matter where you live in the world, whether you’re living under an authoritarian government or looking to break away from Big Tech surveillance, using Proton puts your data under the protection of Swiss privacy laws. We are often asked why Proton is based in Switzerland and whether there are real advantages to being a Swiss company.

This article explains the main privacy advantages of being a Swiss company, including these key benefits: 

  • Outside of US and EU jurisdiction: Swiss companies are not allowed to share information with foreign law enforcement under criminal penalty.
  • Politically neutral: Switzerland has a long history of neutrality, which shields us from pressure from foreign governments.
  • Strong privacy protections: Switzerland has a constitutional right to privacy and strict data protection laws. Unlike companies in other countries, Proton cannot be compelled by foreign or Swiss authorities to engage in bulk surveillance.
  • Advanced infrastructure: Many other countries with strong privacy laws lack the IT infrastructure and talent pool required to reliably operate a major tech company like Proton. Switzerland has the best of privacy protections, infrastructure, and world-class human resources.

Switzerland is where the web and Proton were born

Proton’s roots are in Proton Mail, which began at the European Organization for Nuclear Research (CERN) in Geneva, Switzerland, where many of our early team members worked together on particle physics experiments. CERN was also the research center where Sir Tim Berners-Lee invented the World Wide Web in 1991, which led to the internet as we know it (Sir Tim is now a member of Proton’s advisory board).

To benefit from Swiss jurisdiction, it is not sufficient to just have a mailbox there, because the government with effective jurisdiction over a company is the one where the organization’s center of activity is. Switzerland is not just where we are incorporated; it is also the location of our headquarters, the majority of Proton’s leadership and board members, our main datacenter, and the country where we have the greatest number of employees. This is important because if a company were legally incorporated in Switzerland but had the majority of its staff in the US, the US government would still effectively control that company. For Proton, Switzerland is not just the legal jurisdiction, but also the place of effective jurisdiction.

Culture of neutrality and strong individual rights

Switzerland’s political culture of neutrality, discretion, and personal freedom is well-suited for privacy. 

Unless you host your servers on a boat in international waters, you must be under some legal jurisdiction. Choosing one is particularly important because, as the Lavabit example shows, local laws can have an existential impact on the service. In Lavabit’s case, their US jurisdiction proved to be fatal.

Given that we serve people with highly sensitive privacy and security requirements from around the world, Switzerland has the advantage of being a neutral location outside of US, EU, and NATO jurisdiction. Swiss neutrality means that Switzerland is not a party to any binding intelligence-sharing agreement, such as the Five Eyes, Nine Eyes, or Fourteen Eyes agreements or the NATO intelligence programs.

Legal differences between Switzerland and other countries

Switzerland has strong legal protections for individual rights, and in fact the Swiss Federal Constitution explicitly establishes a constitutional right to privacy. (In the US, this right is merely implied.) Specifically, Article 13 safeguards privacy in personal or family life and within one’s home, and the Swiss Civil Code translates this right into statutory law in Article 28.

In the US and EU, authorities can issue gag orders to prevent an individual from knowing they are being investigated or under surveillance. While this type of order also exists in Switzerland, the prosecutors have an obligation to notify the target of surveillance, and the target has an opportunity to appeal in court. In Switzerland, there are no such things as national security letters, and all surveillance requests must go through the courts. Warrantless surveillance, like that practiced in the US where the FBI conducts 3.4 million searches per year with little oversight, is illegal and not permitted in Switzerland.

Switzerland also benefits from a unique legal provision with Article 271 of the Swiss Criminal Code, which forbids any Swiss company from assisting foreign law enforcement, under threat of criminal penalty. While Switzerland is party to certain international legal assistance agreements, all requests under such agreements must hold up under Swiss law, which has much stricter privacy provisions. All foreign requests are assessed by the Swiss government, which generally does not assist requests from countries that have poor rule of law or lack an independent judiciary.

Swiss law has several more unique points. First, it preserves end-to-end encryption, and unlike in the US, UK, or EU, there is no legislation that has been introduced or considered to limit the right to encryption. Second, Swiss law protects no-logs VPN, meaning that Proton VPN does not have logging obligations. While numerous VPNs claim no-logs, these claims generally do not stand up legally because in most jurisdictions, governments can request that the VPN in question start logging. So the VPN is only no-logs until the government asks. However, in Switzerland, the law does not allow the government to compel Proton VPN to start logging.

Recent court rulings enhance Swiss privacy

We’ve also fought to ensure that Switzerland remains a legal jurisdiction that respects and protects privacy. 

Nearly every country in the world has laws governing lawful interception of electronic communications for law enforcement purposes. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA), which was last revised on March 18, 2018. In May 2020, we challenged a decision of the Swiss government over what we believed was an improper attempt to use telecommunications laws to undermine privacy. 

In October 2021, the Swiss Federal Administrative Court ultimately agreed with us and ruled that email companies cannot be considered telecommunication providers. This means Proton isn’t required to follow any of the SPTA’s mandatory data retention rules, nor are we bound by a full obligation to identify Proton Mail users. Moreover, as a Swiss company, Proton Mail cannot be compelled to engage in bulk surveillance on behalf of US or Swiss intelligence agencies.

Additional privacy through encryption

While Proton benefits from strong legal protections within Switzerland, we have also built in technological safeguards against surveillance, such as utilizing end-to-end encryption.

We do not possess the keys required to decrypt users’ emails, calendar events, files, photos, login details, and many kinds of metadata. Even emails between non-Proton Mail accounts cannot be decrypted on our servers thanks to our use of zero-access encryption. As a result, even if Proton were forced to turn over all our computer systems, your email contents, items in cloud storage, calendar events, and other data would continue to be encrypted.

These technical safeguards are the strongest privacy protections because unlike national laws, the laws of mathematics cannot be changed or altered.

Multi-layered privacy protection

Neither legal protections nor technical protections on their own are sufficient to protect privacy. Even the strongest technical protection can fail because technology is developed by people who are subject to the laws of the country in which they reside. 

We believe comprehensive security can only be achieved through a combination of technology and legal protections, and Switzerland provides the optimal combination of both. Because of Switzerland’s advanced IT infrastructure and its unique legal environment, Proton can deliver a service that is both reliable and secure.

For more information about requests for information made to Proton from Swiss authorities, please view our Transparency Report.
