Cookie banners in Switzerland – What you need to know

Switzerland, once the land of mountains, clocks, cheese, and chocolates, is now a place where cookies take center stage – or the rules surrounding them, at least. The Northern European country has made significant changes to its data privacy laws over the past few years and most recently implemented an update with serious implications for websites that use third-party tracking technologies like cookies. This article will provide an overview of current cookie regulations in Switzerland and outline what you need to know in order to stay compliant.

Cookie banners in Switzerland – What you need to know about the nFADP, the Swiss Data Privacy Law

What are Cookies, Anyway?

Let’s start off by clarifying a common point of confusion: In the context of data privacy, ‘cookies’ doesn’t refer to baked goods. It’s rather a term used to define small pieces of data stored on a user’s computer browser (Google Chrome, Mozilla, etc.) by the websites they visit.

Cookies are used to remember information about you, such as your site preferences and account settings. They can also be used for tracking purposes, allowing sites to collect anonymous usage stats or targeted ads based on your browsing history with that particular website. For example, if you’ve been shopping online for shoes recently and then revisit another shoe retailer’s website later in the day – chances are it will display an advert for the shoes you were just looking at.

Cookies: The Good, the Bad, and the Consequences

There are two primary types of cookies: technically necessary and technically unnecessary cookies. The former category is hard to argue with. Site operators need first-party cookies to correctly render a website and remember user settings, which makes for a better user experience. Similarly, third-party cookies are sometimes necessary to enable certain features – such as an embedded YouTube video or sharing buttons on social media.

On the other hand, what experts deem ‘unnecessary’ cookies can be used for more commercial reasons or even potentially infringe on individuals’ rights to privacy. These are the kind that most data protection regulations seek to police.

Cookies aren’t all bad – as a website user, you benefit from a better customer experience when they’re enabled. Site operators also find great value in using them for analytical and marketing purposes. Where things get controversial is targeting. People have become cognizant of the fact that companies can use cookies to monitor browsing behavior and target ads, and they don’t like it. This puts lawmakers in a position to implement guardrails to protect consumers from being tracked online without their consent. If you would like to know more about all types of cookies read our articles ‘What are cookies ?’ and ‘Local Storage and Cookies: The Pillars of Web Storage’

A Refresher on the GDPR

The ball that really got everything rolling for data privacy rights, the General Data Protection Regulation is a broad-reaching law that was established to protect the privacy of EU citizens online. It’s been around since May 25, 2018, and has set standards around the world since.

One of the most characteristic elements of the GDPR is its prescribed method of consent (cookie consent), the opt-in principle. This requires websites to assume individuals do not consent to the use of cookies until they have expressly given their permission through a cookie banner.

Does the GDPR Affect Switzerland?

It’s worth noting that the GDPR only applies to member countries in the European Union, which Switzerland is not a part of. However, the Swiss government has implemented a data protection law similar to the GDPR in order to protect its citizens’ online privacy.

The majority of the country’s data and cookie policy comes from the Telecommunications Act, which was first introduced in 1997 and recently updated in 2021.

According to Swiss law in Art. 45c lit. b of the TCA, website operators in Switzerland are obligated to inform visitors about their use of cookies, the purpose of that use, and provide individuals with a way to opt-out of cookie use. This is different from the EU’s opt-in framework; instead, Swiss authorities simply expect operators to remain transparent about the scripts they run on their sites.

In its fall 2020 session, Switzerland’s Parliament passed the new Act on Federal Data Protection (nFADP) to broaden the country’s existing protections on data collection and consent. The nFADP aligns more closely with the GDPR with respect to specific terminology, definitions, and privacy expectations for online processors, but comes short of changing consent to be opt-in.

Obligations for Swiss Website Operators

Just because Switzerland doesn’t mandate opt-in processes like cookie banners doesn’t mean that Swiss businesses are free to go without them altogether. In virtually all cases, they will still need to request consent from users who visit their site from EU member countries.

The process of doing so isn’t as difficult as it seems; the easiest way to set up a cookie banner is to invest in a Cookie Management Platform like CookieFirst. Our tool integrates with your website, allowing you to customize the banner message and track user responses in real time.

It’s a wise investment considering the consequences that can come with violating Switzerland’s cookie ordinances – a fine of up to CHF 5,000!

The CookieFirst WordPress plugin is GDPR-compliant to ensure you’re always safer than sorry when it comes to data privacy law. Download it here to put your Swiss and EU operations on autopilot today.

Wrapping Up

The days of cookies only coming in chocolate chip and raisin varieties are far behind us. In the twenty-first century, managing the digital kind — the ones that track visitors’ activities online — will be a defining challenge for online businesses.

Hopefully, this article helped get you up to speed on the basics, but to ensure you’re in full compliance with Swiss law as it relates to the use of cookies, engaging a qualified lawyer or data protection consultant is always recommended.

CookieFirst offers a breadth of cutting-edge solutions for modern business owners who want to insulate their risk against data privacy regulations in Switzerland and beyond. Explore what we can do for you today.