Different countries differ significantly in terms of laws regulating data protection, privacy, and freedom of expression. Your needs for privacy and security may be better served by hosting your email in one country in preference to another.
Over the years, we have offered email services hosted in the USA, the Netherlands, and Switzerland. Since March 2013, all our email services and servers are now located in Switzerland, outside the US and the EU, in a country that provides a very good legal environment for the protection of our customers' privacy.
According to the EPIC / Privacy International survey of Privacy & Human Rights (2006), the right to privacy is guaranteed by the constitution of Switzerland and reinforced both by a comprehensive data protection framework as well as by very strong legal safeguards on law enforcement access to private information for criminal investigations:
Constitutional Privacy Framework
Article 36(4) of the 1874 Constitution guaranteed, "[t]he inviolability of the secrecy of letters and telegrams." This Constitution was repealed and replaced by public referendum in April 1999. The new constitution, which entered into force on January 1, 2000, greatly expanded the older privacy protection provision. Article 13 of the Constitution now states: "All persons have the right to receive respect for their private and family life, home, mail and telecommunications. All persons have the right to be protected against abuse of their personal data."
Data Protection Framework
The Federal Act of Data Protection of 1992 (Loi fédérale sur la protection des données or LPD) regulates personal information held by federal government and private bodies. The Act requires that information must be legally and fairly collected and places limits on its use and disclosure to third parties. Private companies must register if they regularly process sensitive data or transfer the data to third parties. Transfers to other nations must be registered and the recipient nation must have equivalent laws. Individuals have a right of access to correct inaccurate information. Federal agencies must register their databases. There are criminal penalties for violations. In March 2006, the Federal Parliament adopted major revisions to the LPD; the revisions are expected to come into force towards the end of the summer of 2007.
Revisions to the LPD include: elimination of the possibility of justifying a violation of the principles on the basis of an overriding private or public interest; requirement that processors of sensitive data actively notify data subjects; further requirements for controllers to ensure that third party processors have adequate security in place; and restriction on the methods of ensuring adequate data protection in transfers to third countries.
In June 1999, the European Union Data Protection Working Party determined that Swiss law was adequate under the European Union Directive. In July 2000, the European Commission formally adopted this position, thereby approving all future personal data transfers to Switzerland. On October 20, 2004, the Commission of the European Union confirmed this approval. However, as long as the revision of the Data Protection Law is pending, Switzerland cannot formally ratify the Data Protection Protocol of the European Council.
Interception of Telecommunications
Swiss telecom providers have to keep a log for six months of all communication traffic data to comply with the Federal Law on the Surveillance of Mail and Telecommunications. This law requires that the respective telephone companies constantly track phones and store the data collected. Whereas until 2003 interception was possible in all investigations relating to crimes and offenses (crimes for which a prison sentence can be issued), the current law prohibits any preventive interception and provides, for the first time, for a catalogue of offenses. In the case of investigations on crimes and offenses described in the catalogue, an instruction judge (Untersuchungsrichter), with the allowance of the prosecution chamber, can order providers to hand over the archived data. The same catalogue is relevant for real-time interception cases. In this case, a judge can compel a provider to install a direct connection of all telecommunications to the STS. In March 2003, the catalogue of criminal offenses allowing interception was extended, introducing provisions against the "financing of terrorism."
On October 21, 2003, the Federal Court decided in a unanimous vote that, in the case of wiretapping, the Federal Prosecutor has the duty to inform the persons observed after surveillance has been carried out, including information about the reasons of the monitoring.
In a March 2004 revision of the Penal Code (Strafgesetzbuch), commercial companies are allowed to keep logs of phone conversations with their clients, even without their consent, for the purpose of securing evidence. However, they are not allowed to analyze this data for marketing purposes, or to give this data to third parties.
In April 2007, at the end of a year-long consultation process, the Swiss government announced its intention to move ahead with a proposal to allow the Swiss secret services to be able to carry out communications surveillance correspondence, telephone and email and observe private areas such as hotel rooms, if necessary by installing bugging devices. Proponents stated that the interception amendment would only concern cases that dealt with terrorism, weapons of mass destruction and spying. They would only be taken as a last resort and their legality checked beforehand. Critics from both the left and the right voiced concerns with the proposal, and the Data Protection Commissioner stated that the proposed changes are dangerous because eavesdropping on citizens within their private sphere could take place without any criminal allegations."
Switzerland is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108) in 1997. Switzerland has also signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR). On 13 May 2005, Switzerland signed Protocol 14 to the ECHR, amending the Convention's control system, at the 114th session of the Committee of Ministers of the Council of Europe held in Strasbourg. In November 2001, Switzerland signed, but has not ratified, the CoE Convention on Cybercrime. It is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
We believe that its long-standing and traditional respect for privacy, both guaranteed in the Swiss Constitution and reinforced by many legislative and judicial decisions, makes Switzerland an ideal location for premium private email hosting.