To be able to build a truly secure and privacy-oriented system it is important not only which technologies are used, but also where the data is stored and where the servers are located.
With strict federal laws and regulations in place for data privacy and protection, Switzerland is a top county to be considered when creating a truly private system.
This is the reason why Switzerland has become a destination for companies looking to provide strong privacy services and make sure the privacy protection laws work right. There the laws are better designed to protect people’s privacy and put the user in control of his/her data.
Wikipedia shows the country’s history of pro-privacy laws and its resistance when it comes to sharing user data with authorities:
In Switzerland, the right to privacy is guaranteed in article 13 of the Swiss Federal Constitution.
The Federal Act on Data Protection of 19 June 1992 (in force since 1993) has set up a strict protection of privacy by prohibiting virtually any processing of personal data which is not expressly authorized by the data subjects. The protection is subject to the authority of the Federal Data Protection and Information Commissioner.
Additionally, any person may ask in writing a company (managing data files) the correction or deletion of any personal data. The company must respond within thirty days.
There were no government restrictions on access to the Internet or credible reports that the government monitored e-mail or Internet chat rooms without appropriate legal authority. The constitution provides for freedom of speech and press, and the government generally respects these rights in practice.
Under Swiss federal law, it is a crime to publish information based on leaked “secret official discussions.” A number of cases involving violations of secrecy by the press were under investigation during 2012, but authorities handed down no sentences for such offenses.
In 2010 the Federal Supreme Court of Switzerland found that IP addresses are personal information and that under Swiss privacy laws they may not be used to track Internet usage without the knowledge of the individuals involved.
Data Protection Act
Data protection in Switzerland is also regulated by the Swiss Federal Data Protection Act (DPA) which contains:
- General rules about the protection of data
- Regulations about data processing by individuals, organizations and federal authorities
- The duties and assignments for the Federal Data Protection and Information Commissioner, the main supervisory authority
According to the Act, personal data processing must comply with the following general principles:
- Principle of lawfulness - Personal data can only be processed lawfully
- Principle of proportionality - Personal data processing must be carried out in good faith and must be proportionate
- Principle of appropriateness - Personal data can only be processed for the purpose indicated at the time of collection, that is evident from the circumstances, or that is provided for by law
- Principle of transparency - The collection of personal data and the purpose of processing must be evident to the data subject
Processing of sensitive data and identity profile is also covered in the Act and the processors of such must obtain the express consent of data subjects. Sensitive data and identity profile may contain data that permits an evaluation of the essential characteristics of a person’s personality. Unjustified disclosure of such data to third parties is considered a data protection breach and is subject to fines.
Every data collection must be publicly stated and the subject of such collection must be notified about the purposes of data collection and processing, the identity of the data controller and the categories of data recipients, if disclosure of data is planned. Any person can request a data controller to state whether their personal data is being processed.
The data subject must know
- All available data concerning the data subject
- The purpose for the processing
- The categories of personal data being processed
- Other parties involved in the processing.
If the collection or processing of personal data is unlawful, a data subject can request data processing to be stopped and personal data to be destroyed.
The data controller must ensure an appropriate level of data protection by implementing technical and organisational protection measures and ensure the confidentiality, availability and integrity of the data.
Cookies can only be used if the data subject is informed of such use and is given the choice to deactivate cookies (opt-out mechanism).
Our Business is protecting Privacy
We are committed to protecting privacy and personal data online and that is why we have chosen Switzerland as the cradle for our users’ data. Switzerland is outside of US and EU jurisdiction and it applies a very different set of privacy laws, as you can see from the information above.
On top of that we do everything to protect user’s data and we develop our system with security in mind from day one. With no technical or legal restrictions, we are aiming to produce a system without compromise. In accordance with encryption best practices, we don’t hold or have access to the keys that encrypt our customers’ private communications.
With this combination of encryption best practices and legal protections we can protectively protect users’ privacy and provide you with a service that is both reliable and secure.
