On February 3rd, 2025, the Swiss Federal Data Protection and Information Commissioner (FDPIC) released new guidance on cookie usage in Switzerland. While this is not legally binding, it provides insight into the authority’s intended direction and the future of cookie consent practices in the country.
Swiss cookie regulations are primarily governed by two laws:
These laws form the basis for the authority’s stance on cookies and their implementation on websites.
The FDPIC clarified that while consent is one legal basis for cookie processing, companies can also rely on overriding private interests in certain situations. This approach differs from the strict consent requirements of the EU’s GDPR.
The guidance classifies cookies based on their necessity:
The authority clarified that while consent is one legal basis for cookie processing, companies can also rely on overriding private interests in certain situations. This is a significant difference from the strict consent requirement seen in the EU’s GDPR and might affect how CMPs are implemented in Switzerland.
Key Takeaway: CMPs may accommodate scenarios where companies rely on private interests rather than consent for specific cookie categories, especially functional cookies and basic analytics, though this is context-dependent.
The guidance notes that in some cases, prior blocking of cookies may not be necessary, particularly for cookies deemed essential, such as functional or basic analytics cookies. This could offer flexibility in implementation for companies operating in Switzerland.
Key Takeaway: Companies should assess the type of cookies they use and determine whether prior blocking is needed, keeping in mind that the guidance suggests a more flexible approach than the EU standards.
The guidance clearly states that companies must provide users with an easy way to withdraw consent or opt out. Under Swiss law, the opt-out principle is fundamental, meaning that prior opt-in does not override the right to opt out. This distinguishes Swiss regulations from those in the EU and ensures ongoing compliance with privacy requirements.
Key Takeaway: Ensure that your CMP offers an intuitive, accessible mechanism for users to withdraw consent, opt out or adjust cookie preferences at any time.
The Swiss authority follows EU guidelines by prohibiting dark patterns, which are manipulative designs that trick users into consenting to data processing. CMPs must be designed with transparency and simplicity, avoiding confusing or coercive tactics.
Key Takeaway: When designing your CMP, avoid using misleading language or designs that might pressure users into accepting cookies.
The guidance does not delve deeply into the specifics of CMP user interface design but highlights that any solution must align with these principles. Companies have some flexibility in how they implement CMPs, but they must ensure compliance with the general principles of transparency, simplicity, and user control.
While the Swiss authority’s guidance provides more flexibility in CMP implementation, it’s crucial to remember that the guidance is not binding. With the guidelines now available, it’s the right time for companies to consider implementing a CMP.
Companies retain autonomy in their approach to cookie consent management and should stay informed of evolving regulations to ensure compliance and maintain user trust.