Whether you're a VPN veteran or have just started to look into the world of VPNs because of their impressive Black Friday discounts, you probably know that there are many factors to consider when choosing a VPN.
You need to consider factors like speed, unblocking capabilities, the strength of its encryption protocols, and whether its no-log policy has been audited by an independent third party. However, while these are all important, you absolutely shouldn't forget to also assess the jurisdiction the company running the VPN is based in.
The jurisdiction refers to the country where a VPN is legally based and defines the laws the company must follow when it comes to factors like data retention obligations, government oversight, and surveillance regulations.
That's exactly the reason why some of the very best VPN providers have decided to base their VPN operations in countries outside the Five Eyes, Nine Eyes, and Fourteen Eyes alliances, which are notorious for their surveillance overreach.
Likewise, you shouldn't be picking a VPN (or any other security software for that matter) that operates under the laws of authoritarian nations like China, where companies are subjected to strict data retention and sharing obligations.
Which VPN jurisdictions protect privacy?
Currently, the best privacy jurisdictions for VPNs include Panama and Switzerland. Both countries boast strong privacy laws, zero mandatory data retention regulations, and they sit outside the most intensive nation-state surveillance agreements.
Even better: three top-tier VPNs based in these data havens are discounted as part of this year's Black Friday sales.
Best Panama-based VPN:
Best Swiss VPNs:
Looking ahead
It's worth noting that Switzerland is currently considering expanding its surveillance law in ways that could seriously affect tech providers' obligations, including VPNs.
Specifically, the amendment seeks to expand surveillance obligations that are now reserved for telecom networks and internet service providers (ISPs), to target so-called "derived service providers." This categorization would include any online service with a turnover of $100 million or more than 5,000 active users.
This means virtual private networks (VPNs), messaging apps, cloud services, and social network companies may have to start complying with surveillance requirements and retain users' data.
The amendment could also mean VPN companies will be required to collect specific metadata so that authorities could use these details to retrospectively identify people's internet connections.
Lawmakers ran a public consultation until May 6, 2025, and they are now expected to make a decision based on the feedback received.
The vast majority of Swiss privacy tech companies have strongly criticized the amendment. Proton VPN and NymVPN have also confirmed to TechRadar that they are ready to leave Switzerland if the law passes. Given this "legal uncertainty," Proton has already started to make some changes, with its private AI chatbot Lumo being the first product to move home.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
