🗓️ Community call #2609: Your Privacy, Swiss Law, and a Proposed KYC Mandate with Dr. Simon Schlauri

General
1

:spiral_calendar: Community call #2609: Your Privacy, Swiss Law, and a Proposed KYC Mandate with Dr. Simon Schlauri

1280Ă—720 184 KB

Hey Nymsters!

This week’s call was a deep dive into the legal landscape of Switzerland - home to Nym, Proton, Threema, and many other privacy-first companies. We were joined by Prof. Dr. Simon Schlauri, a Swiss attorney at law specializing in IT and telecoms law, professor at the University of Zurich, and digital rights advocate.

Big thanks to everyone who joined live and asked questions!

:switzerland: Switzerland’s Privacy Reputation - Fact or Fiction?
Sudo kicked off by asking the obvious question: Switzerland has a global reputation as a privacy haven - but is it deserved?

Simon confirmed that yes, it’s largely accurate:

  • Swiss data privacy law is on par with GDPR (the gold standard)
  • The country is governed by the rule of law - courts work, appeals are possible
  • He personally has won cases against the federal administration defending privacy

“We have a constitution that protects privacy. As a company, you can appeal against surveillance steps and find ways out.”

But it’s not perfect. Switzerland still has mandatory data retention for 6 months for traditional telecom operators (phone calls, IP addresses). This is currently being challenged before the European Court of Human Rights - a case brought by Simon’s colleagues.

:eu: Switzerland vs EU: Who’s Better?
Sudo contrasted the EU’s split personality (GDPR on one hand, Chat Control on the other) with Switzerland’s approach.

Simon pointed out a key difference: direct democracy. In Switzerland, major surveillance expansions would need to pass a public vote - and he’s not sure they would.

“There’s an additional border you’d have to cross - and it might be difficult to cross.”

:warning: The Controversial Ordinance - What’s Happening?
The main topic of conversation was a proposed ordinance that would require “over-the-top” (OTT) service providers (VPNs, chat apps, etc.) with more than 5,000 users worldwide to:

  • KYC their users (collect government ID)
  • Store metadata for 6 months
  • Remove encryption applied by the provider (not end-to-end encryption applied on user devices)

The backlash was massive. Proton publicly threatened to leave Switzerland. The consultation was “extremely negative” except for police representatives. Politicians got involved, warning about damage to the Swiss economy and digital sovereignty.

Simon: “If we introduce rules that don’t allow such services anymore, this is critical for the Swiss economy. There’s money to be made in privacy - and if they throw these companies out, the economy will suffer.”

Current status:

  • A new draft was published - but it only raised the threshold to 10,000 users, still “ridiculously low”
  • A regulatory impact assessment is underway, surveying affected companies (including Nym)
  • Simon now sits on the advisory body drafting the ordinance, ensuring technical expertise is present

Will it pass?
Simon is cautiously optimistic but realistic:

  • The government (not parliament) enacts ordinances, and the surveillance administration is “quite pro this”
  • But the political pressure is real - newspapers, parliamentary motions, and companies threatening to leave
  • And if it passes, courts will likely strike it down

“There’s still a good chance this will be overturned by the courts.”

:bank: Targeted Surveillance vs Mass Surveillance
Sudo made a crucial distinction that often gets lost on lawmakers:

“Very few people would disagree with targeted, warrant-based surveillance of actual criminals. But mandating companies to perform mass surveillance on everyone - that’s where the danger lies.”

Simon agreed completely, noting that mass data retention (like Switzerland’s 6-month rule for telecoms) has already been ruled illegal by the EU Court of Justice. The same logic should apply here.

:bar_chart: The Frog in Boiling Water
Sudo asked the big-picture question: Is this trend of institutionalized surveillance unstoppable?

Simon offered a nuanced view:

  • The good: Privacy awareness is growing. Even a barkeeper in Zurich asked him about privacy when he tried to pay with his watch. The Swiss digital ID was designed as open source with public scrutiny.
  • The bad: Big telecom companies stay silent. They don’t oppose surveillance expansions — perhaps afraid of being seen as “pro-criminal.” This gives politicians cover.

“It’s like the frog in cold water that gets heated slowly. You have surveillance, then a new step, then another - it becomes usual. That’s a real risk.”

But there’s hope: Small, principled companies (Nym, Proton, Threema, Unit7) are fighting back in courts and public discourse. And users have power too - switch providers, send emails, make privacy a reputational issue.

Simon: “If a big provider says they don’t care about privacy - that’s a matter of reputation. It could gain momentum.”

:question: Community Q&A

Q: Can a decentralized protocol comply without compromising integrity?
Simon: Nym’s decentralized structure is a natural defense - node operators are scattered worldwide, most are too small to meet thresholds, and they don’t have the data anyway.

Q: What laws would you pass if you ruled the EU?

“I would pass an article in the basic EU agreement that prohibits Chat Control.”

Q: What happens to Nym, Proton, etc. if this passes?

“Some companies have announced they will leave Switzerland.”

Q: Would users just have to accept it?
Simon acknowledged the network effect problem but emphasized: use privacy-first apps with your inner circle, and privacy awareness is growing - it’s becoming easier to convince others.

“You need laws that protect us as citizens from companies that go too far.”

:gift: Announcement: NymVPN Referral Program & Squad League Rewards
Before wrapping up, Sudo dropped some alpha:

  • NymVPN referral program is launching soon - refer friends, get extra months
  • For Nym Squad League participants: the reward pool is going 10x, from 50,000 NYM to 500,000 NYM if you play your cards right
  • Referrals made now will count toward the next season (starting April)
  • Physical prizes are also coming

:closed_book: Bonus: Net Neutrality
The POAP password was “Net Neutrality” - leading to a quick discussion. Simon explained that in Switzerland, net neutrality is enshrined in law and enforced. ISPs cannot block or throttle specific services.

Sudo noted that for Americans watching, this sounds like a dream - net neutrality was killed under the Trump administration and still hasn’t returned.

:stopwatch: Timestamps

  • 00:01:51 — Simon’s intro: privacy lawyer & tech background
  • 00:05:31 — Is Switzerland really a privacy haven?
  • 00:08:51 — Why privacy companies choose Switzerland
  • 00:13:41 — The controversial surveillance ordinance explained
  • 00:22:52 — Encryption removal vs end-to-end encryption
  • 00:26:54 — Targeted surveillance vs mass surveillance
  • 00:32:07 — What’s changing in the new draft?
  • 00:35:29 — Will it pass? Simon’s crystal ball
  • 00:38:15 — The global trend: frog in boiling water
  • 00:46:19 — Q&A starts
  • 00:54:44 — Referral program & Squad League announcement
  • 00:57:12 — POAP & net neutrality discussion

Watch the full recording

Huge thanks to Prof. Simon Schlauri for the illuminating conversation - and to everyone who tuned in!

See you next week! :green_heart:

2 Likes