Digital Surveillance and Privacy in Switzerland: The Divisive Law

For several weeks, an intense debate has been raging in the Swiss digital landscape. The issue: the ongoing revision of the Federal Act on the Surveillance of Postal and Telecommunications Correspondence (LSCPT). This bill aims to require providers of VPN, encrypted messaging, and cloud hosting services operating in Switzerland to retain certain metadata related to their users' connections and to transmit it to the authorities upon request.

This text, if adopted, would upset the historical balance between national security and respect for digital privacy in the country. It is raising growing concerns among several major players in the Swiss and international technology sector, starting with Infomaniak, Proton, and NymVPN, which have for years advocated an approach based on data protection and digital sovereignty.

A Changing Legal Context

Switzerland has long distinguished itself by its protective legislative framework regarding privacy and digital neutrality. Historically, the LSCPT already allowed authorities to carry out certain forms of surveillance, but mainly by court order and in specific cases related to organized crime, terrorism, or national security.

However, with the rise of cybercriminal threats, disinformation campaigns, and economic espionage, the Federal Council now considers it necessary to extend this mechanism to modern digital services, which are still partially exempt from the legislation. The bill under discussion thus introduces new obligations for VPNs, encrypted messaging services, and cloud hosting providers, requiring them to retain connection metadata and transmit it to the authorities upon request.

This metadata does not concern the content of communications, but rather elements deemed equally sensitive: IP addresses, connection dates and times, recipients, and the approximate location of users. This metadata makes it possible, based on peripheral information, to reconstruct a person's digital activities and establish their contact networks.

A public outcry among digital stakeholders

Faced with this project, several leading Swiss companies in the digital sector quickly reacted. Infomaniak, an independent hosting provider based in Geneva, was one of the first to publicly denounce what it considers a serious attack on digital sovereignty and user trust. The company, which has built a reputation by opposing American cloud giants, fears that these new obligations will encourage customers, both individuals and businesses, to turn away from local services.

Proton, the company behind ProtonMail and ProtonVPN, has expressed similar reservations. Its strategy is precisely based on guaranteeing absolute confidentiality and on the Swiss legal framework, which has historically been more protective than that of many European countries. The company points out that this legislative revision could harm Switzerland's image as a digital haven, neutral and respectful of privacy.

Digital rights groups such as Digital Society Switzerland and Privacy International are also joining this protest movement. They fear that this reform will pave the way for widespread state surveillance and that the accumulation of metadata could be exploited for purposes other than those potentially intended.

Direct implications for Swiss businesses and citizens

This bill would have significant consequences for all Swiss businesses, particularly those that use cloud services or local VPNs to secure their data and infrastructure. They could face new compliance constraints, as well as legal and technical uncertainties regarding the confidentiality of their digital communications and transactions.

Some organizations are already considering reviewing their choice of infrastructure and technology partners. Some could migrate to foreign providers not subject to this regulation, while others could strengthen their encryption and internal storage solutions to limit their exposure. This revision could also influence the strategy of multinationals with subsidiaries or data centers in Switzerland, which until now relied on the Swiss framework to guarantee the confidentiality of their operations.

For individuals, the issue of metadata collection also raises concerns. Although it doesn't capture the content of communications, this information is revealing enough to provide a detailed behavioral profile. Many cybersecurity experts point out that metadata can be used to establish habits, movements, and personal or professional connections.

Burgeoning technological alternatives

In response to these developments, alternatives aimed at preserving the anonymity and confidentiality of communications are multiplying. Decentralized VPN services, such as NymVPN, that keep no connection logs, are beginning to emerge. Other initiatives focus on mesh networks, where data circulates encrypted and distributed among users, making it much more difficult to intercept.

At the same time, the use of self-hosted open-source tools and end-to-end encryption solutions is growing rapidly. Many companies are now opting for solutions such as NextCloud or Matrix, which allow them to maintain complete control over the data exchanged and stored.

A decision with international repercussions

The Swiss debate surrounding this law extends beyond the country's borders. In Europe, several states are closely monitoring the situation, particularly in the context of strengthening anti-terrorism and cybercrime legislation. Some fear that adoption of this text in Switzerland could serve as a model for other European countries, thus contributing to the widespread adoption of metadata surveillance.

Conversely, international NGOs specializing in digital rights advocacy hope that Switzerland will maintain its historic position as a guarantor of digital freedoms, thus providing a counterbalance to the legislative tightening observed elsewhere.

The revision of ...

... the Swiss law on digital surveillance marks a decisive turning point in the governance of personal and professional data within the country. It highlights the growing tensions between security requirements and individual freedoms in the digital age. While the Federal Parliament is expected to vote on the law by the end of 2025, the debate appears set to continue well beyond the vote.

The consequences for Switzerland's digital economy, its citizens, and its international image will be considerable. This case perfectly illustrates the dilemmas facing modern societies, where security and freedom now clash in the digital arena.

Sources:

• TechRadar : Infomaniak steps up fight with Proton over controversial Swiss surveillance law

• Swissinfo.ch — Surveillance et métadonnées en Suisse

• https://proton.me/blog — Privacy is a fundamental human right

• Digital Society Switzerland