Greetings from Brussels,

There is an interesting, or should I say intriguing, story emanating from Switzerland this week. It has all the elements of a good thriller for you privacy pros: surveillance, people’s power, encryption email, and crowdfunding. ProtonMail, the Swiss-based email service provider launched in 2014 under the pledge to keep the spooks out of your mailbox, is calling upon Swiss citizens to exercise their rights to force a referendum to challenge an imminent threat to their privacy. Let’s not forget this is a country that has enjoyed a historically rich politically neutral and privacy-focused climate.

Let’s rewind a little. ProtonMail’s pro-privacy idea of developing an easy-to-use end-to-end secure email service was the brainstorm of a group of scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online; at least that’s the claim. Interestingly, a number of key management, including one of the co-founders and CEO, worked together at The European Organization of Nuclear Research, better known as CERN. Their stated mission and goal at the time of launch was to make privacy accessible again. They turned to crowdfunding to raise development capital for their product, successfully raising a half a million dollars in six months, five times more than expected. They have been gaining momentum ever since.

Fast forward to the Swiss government proposing the Nachrichtendienstgesetzt — a bill to create a "mini NSA" with the power to effect warrantless mass surveillance, including hacking residents’ computers. The company called on its users and supporters to petition the government for a referendum on the law. Switzerland, as you may know, is relatively unique among modern democratic nations in that Switzerland practices direct democracy in parallel with representative democracy. The Swiss Constitution allows the electorate to force a national referendum on proposed legislation by gathering 50,000 signatures. ProtonMail set to work, joining forces with CCC Switzerland, Digitale Gesellschaft Switzerland, and the Pirate and Green parties, to collect more than 70,000 signatures. Objective achieved, and the proposed law cannot take effect until, and unless, the government holds and wins a referendum. Direct democracy in action. Ironically, at least prior to the proposed bill, being based in Switzerland was a security feature in its own right. Switzerland is famous for giving extreme deference to corporate privacy rights.

Of course, this week we are celebrating the 10th edition of Data Protection Day. So give a thought to Convention No. 108 of the Council of Europe for the protection of individuals with regard to automatic processing of personal data (of 1981), which was the first legally binding international instrument with worldwide significance on data protection. This critical treaty is seen by many as the catalyst and backbone of the state of play of data protection and privacy as we know it today in Europe. The Swiss story is just another illustration of how far we have come, but also how far we may still need to go. The result is that they have forced the privacy issue to a public vote, arguing that these decisions should be made based on public — not simply political — will. What we are learning from the Swiss here is that it pays to stay informed, and be heard.