They can be blackmailed but can't be gagged as any request for a person's data (including access to it) from a Swiss company MUST go through Swiss court. And even gag orders can't compel someone to break the law. Same situation as three letter agencies requesting EU data from Microsofts' datacenter in Ireland, which whilst it is an American company (and thus they are obliged to deliver by law) is illegal under EU and Irish law, thus preventing Microsoft from giving said data without breaking the law.

You seem to have a lot of faith in the law and legal process, and assume everyone else does.

Laws are a high latency side-chain of authority; a guide perhaps; and for some a business opportunity.

And then we have Organised Crime, moles, plants; informants, sympathesiers, casual snitches, quadruple agents, the desperate, and machine learning eating meta-data for breakfast.

If you've got something to hide "it's not legal for support staff to [whatever]" is most definitely not a security measure.

It has kept Microsoft from sharing its EU data with American agencies so far.. and considering Microsoft has been under the microscope (haha) since it's EU antitrust suit I don't think they could pass the data without some serious ramifications. As far as ProtonMail goes.. well they certainly could force the support employees somehow, but if that ever gets out there would again be serious ramifications. Plus, why do you think the US Enterprise IT services/hardware industry took a serious hit when all the NSA leaks happened? What do you think will happen if it gets out that the US is even forcing foreign companies to obey to US law? I'm not counting on the NSA to behave - I'm counting on America as a whole to be greedy and put business above enforcement.

>It has kept Microsoft from sharing its EU data with American agencies so far..

At least publicly. Behind the scenes there could be a sharing bonanza for all we know.

And you seem to be painting Swiss legal system with the exact same brush as the USA governmental and legally sanctioned framework for spying on people.

The Swiss legal system doesn't have to be involved at all if they can get the data directly from the US datacenters, no matter what the Swiss law and/or international treaties say is the "formal" process.

I believe the point is that there are no US data centers. And protonmail states all the data is encrypted anyway and never decrypted on their servers (obviously except the initial receive/send of the mail).

Do you think that really matters ?

It's a start. It's better than nothing, unfortunately.

>They can be blackmailed but can't be gagged as any request for a person's data (including access to it) from a Swiss company MUST go through Swiss court.

LOL.