Switzerland’s new data retention law, set to take effect September 1, updates the country’s privacy regulations to align with the EU’s GDPR, strengthening user rights and data protection standards. However, critics, including Proton CEO Andy Yen, argue the law doesn’t go far enough and contains loopholes that could still permit surveillance. While the revised Federal Act on Data Protection (revFADP) requires explicit user consent for data processing and enhances transparency, it also includes provisions allowing data processing for ‘overriding interests’ without consent, a clause privacy advocates fear could be exploited. The law also stops short of providing the robust, privacy-by-design protections seen in the GDPR, leaving users vulnerable. Proton, a company known for its privacy-focused services, has been a vocal critic, highlighting the continued risks of state-sponsored surveillance under the new legal framework.