Hi Benoit, this is indeed an interesting question, and you can probably find your answers here: https://www.li.admin.ch/de/themen/das-neue-buepf
In particular, the PDF "Information sheet on TSPs and PDCSs" should be interesting: https://www.li.admin.ch/sites/default/files/2019-04/04_2019_Merkblatt_FDA_AAKD_EN.pdf Even if ProtonMail has to register as a TSP (I do not know as I didn't verify that in detail), if their annual turnover is <100M CHF they don't need to keep logs for 6 months (as long as they requested a downgrade to the PTSS for a reduction in the extent of the obligations). If they are registered as a TSP (you can check that here https://www.eofcom.admin.ch/eofcom/public/searchCatalog.do ) then they need to register their customers by name. But even if they do that, they have no obligation (on the contrary, they are not even allowed!) to tell you who the customer is. If you felt bothered by the mass advertisment email, you may take legal steps, and if necessary, the autorities will request the customer name to ProtonMail via an official request through PTSS. There's no such thing as self justice (as in "I ask you who the customer is and you tell me"). We as an ISP are not even allowed to tell the police who a certain customer is, unless the request comes in through PTSS via the official request forms (or their online tool). Regards Manuel On 17.06.19, 15:07, "[email protected] on behalf of Benoit Panizzon" <[email protected] on behalf of [email protected]> wrote: Hi List Lately we received mass advertizement emails sent via protonmail.com an email provider offering freemail and commercial email accounts. One of the first statements on their website is: Quote: "ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws" So I suppose, as we other ISP all do, they have to keep logs for 6 months and are required to somehow verify the identity of their customers prior to offering them a service. So I asked them to provide the identity of their 'mass advertizement' sending customer to ask this customer for a proof of opt-in or existing customer relationship, as intended by swiss privacy laws. They promptly terminated the account in question, but stated that they do not keep any logs and have no means to identify whom the account belongs to. => is this legal? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog [Microsoft Teams Direct Routing]<https://www.netstream.ch/microsoftteams/?utm_source=email&utm_medium=signature&utm_campaign=microsoftteams> Ihre Anbindung ans öffentliche Telefonnetz. Microsoft Teams Direct Routing<https://www.netstream.ch/microsoftteams/?utm_source=email&utm_medium=signature&utm_campaign=microsoftteams> _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
