Switzerland has long been hailed as a bastion of security. Data security is held sacred in Switzerland, and Swiss privacy laws are just plain better than anywhere else in the world. In fact, security-minded companies — like pCloud and ProtonVPN (read our ProtonVPN review) — frequently make their homes in the Alpine country.
- There are three major laws regulating data protection and information privacy in Switzerland: Article 13 of the Swiss Constitution, the Federal Act on Data Protection (DPA) and the General Data Protection Regulation (GDPR).
- These laws force businesses to ask permission from their users whenever they need to store and process their personal data.
- Businesses based in Switzerland provide the greatest level of protection for their users’ data, so choosing a Swiss company like pCloud to store your data is your best option.
In this article, we’ll go through all the data protection legislation that Swiss companies offer their users. Read on to find out why Switzerland has some of the best online privacy laws in the world.
While we’re reluctant to make such sweeping statements, Swiss companies in general are more secure than their U.S.-based counterparts, thanks to Switzerland’s strict laws governing the processing of personal data.
There are several laws in Switzerland regarding the processing and transfer of sensitive personal data. These include Article 13 of the Swiss Constitution and a Swiss law called the DPA, as well as European legislation, such as the GDPR.
Companies must adhere to regulations set out in the GDPR. The Swiss data protection act (DPA) is closely aligned to the GDPR, so their provisions are similar. These regulations include requiring businesses to ask permission from users to store, transfer or handle their data in any way, as well as employing a Data Protection Officer to make sure personal data is handled properly.
Swiss Privacy Laws: The TL;DR Version
There are three major data protection laws governing the processing of personal data in Switzerland. The first is Article 13 of the Swiss Federal Constitution (no, not that Article 13). The second is the Federal Act of Data Protection (DPA). Lastly, Switzerland is a close partner of the European Union (despite not being part of it), thus Swiss companies must also adhere to the General Data Protection Regulation (GDPR).
We’ll look into each of these laws to see how they affect you, the user, when you’re dealing with a company based in Switzerland.
Let’s start with the law of laws itself — the Swiss Constitution. Switzerland is one of very few countries to have data processing regulations built into its constitution. Article 13 of the constitution provides several protections to Swiss citizens in regards to online communications, email and the processing of personal data. The article states, in part:
1. Every person has the right to privacy in their private and family life and in their home, and in relation to their mail and telecommunications.
2. Every person has the right to be protected against the misuse of their personal data.
These constitutional provisions mean that all Swiss companies and service providers must expressly ask for permission to be able to process your data. There is a big if here, though. This only applies if you’re a Swiss resident, as you otherwise won’t be covered by the Swiss Constitution. Fret not, however. Even if you’re not a Swiss citizen, the next two laws have you covered.
The Swiss Federal Act on Data Protection (DPA)
The DPA is a Swiss data protection law that reaches further than the territory of Switzerland. It sets out to shield the right to privacy of Swiss data subjects, but its scope is larger than the constitution. It provides protections from foreign companies misusing the personal data of Swiss citizens, but also prevents Swiss companies from mishandling their users’ personal information.
As this law is based on the constitutional provision for data protection, the DPA states that any data subject interacting with a Swiss company must give the company permission to process personal data that belongs to them. Because of the law’s extraterritorial reach, your data will be kept safe with any Swiss company, no matter where you’re from.
The DPA has recently been updated to more closely comply with the EU’s GDPR, adding a higher level of data protection based on European data protection principles. The changes have been approved by lawmakers, but the overhauled law will come into effect either later in 2021 or 2022.
The General Data Protection Regulation (GDPR)
The GDPR is a European data protection law made to shield the data privacy rights of individuals residing within the EU from companies employing advanced data processing technologies. However, like the DPA, its reach projects well beyond Europe.
Any controllers and processors of personal data that want to operate in the EU (and that includes providing services to EU citizens from abroad) must adhere to the GDPR. In effect, this means that most online businesses have to make some provisions to appease EU data protection laws, or lose access to the European market entirely.
The GDPR is meant to stop privacy breaches like Facebook’s Cambridge Analytica scandal. It forces companies to provide an adequate level of data protection for European data subjects. For one, under the GDPR, a user has to consent to the service storing their personal data, and the service is forced to delete all of their data if the user so wishes.
Even if a business follows an “opt-in” policy for handling personal data, information about a customer can’t be transferred to another entity without the customer’s permission. Plus, the business must notify all of its data subjects whenever it suffers a data breach.
Companies must also employ a dedicated data supervisor called a Data Protection Officer (DPO), to make sure businesses have a body dedicated to data processing.
Failure to comply with any of these rules will result in a fine of either 20 million euros or 4 percent of the business’ annual global revenue, whichever is greater.
Swiss Laws Protect Your IP Address
As of 2010, Swiss law considers your IP address to be part of your personal data, thanks to a ruling by the Swiss Supreme Court. This means that your IP address falls under the protection of Swiss laws including the DPA and the Constitution, and that a Swiss company is legally barred from tracking it.
How Other Countries Handle Processing of Personal Data
Now that we’ve gone over how Switzerland protects your personal data, let’s look at a few countries that treat data protection like an unwanted stepchild.
First up is the United States. The U.S. has a knack for pushing privacy-invading legislation through Congress using clever acronyms, like the Freedom Act and the Patriot Act. After all, something called the “Patriot Act” must be good for Americans, right? The U.S. data privacy laws give government agencies broad surveillance powers over its citizens, including U.S.-based companies and their data subjects.
A Swiss company like pCloud will definitely take better care of your personal data than a U.S.-based one, like Dropbox (you can see how the two compare in our pCloud vs Dropbox article).
China is another country notorious for its deep surveillance network, which includes high-resolution facial recognition systems. It even has its own internet to keep citizens happily uninformed.
India and Russia are two more examples of government interference in the online lives of citizens. Developing countries such as Bangladesh and Pakistan are also frequent offenders when it comes to infringing on data privacy rights. However, government surveillance and internet censorship isn’t just for far-flung countries and dictatorships. France, the Netherlands and the UK are proof of that.
If you value your privacy, choosing a secure service to handle your online personal data is a must. Switzerland’s privacy laws make it an attractive choice for companies that want to show their customers they’re secure and they mean business.
What do you think about Switzerland’s privacy laws? What are the privacy laws like in your country? Let us know in the comments below. As always, thank you for reading.