Logo Logo
Cookiebot

Try our free compliance test to check if your website's use of cookies and online tracking is GDPR/ePR compliant.

The test also shows what data your website collects and which third parties it shares with, a requirement under the CCPA.

On 25 September 2020, the Federal Data Protection Act (FADP) was approved in Switzerland, replacing the previous 1992 Act. The new Swiss DPA will take effect in 2022.

Published November 17, 2021.


On 25 September 2020, the Federal Data Protection Act (FADP) was approved in Switzerland, replacing the previous 1992 Act. The new Swiss FADP will take effect in 2022.

If you have users from inside Switzerland, you will be required to obtain their explicit consent before processing personal data from them, e.g. through your use of cookies. In addition, if your website is hosted in Switzerland but has visitors from inside the EU, you are required to be compliant with the EU’s General Data Protection Regulation (GDPR) too.

In this article, learn more about how to make your use of cookies compliant with the Swiss Data Protection Act (FADP) and the EU’s GDPR with Cookiebot consent management platform (CMP).


The Swiss Data Protection Act (FADP), in short


On 25 September 2020, Switzerland adopted a new version of the Federal Data Protection Act (FADP), replacing the 1992 Act in order to reach a level of data protection equivalent to that of the EU’s GDPR.

Aligning its data privacy laws with those of the EU – namely the EU’s General Data Protection Regulation (GDPR) – was a driving force behind the revision of the 1992 Data Protection Act, ensuring continued flow of personal data in and out of Switzerland.

The result – the new Swiss FADP – is a data privacy law almost indistinguishable from its EU counterpart: it is a user-first data privacy law centered around consent that requires websites – regardless of where in the world they might be located – to not activate cookies that process personal data until Swiss users have given their informed and explicit “yes” to do so.

If your website has users from inside of Switzerland, being compliant with the new Swiss FADP is an obligation. Steep fines are levied against non-compliant domains. But the good news is, if you’re already compliant with the EU’s GDPR, you are almost certainly compliant with the Swiss FADP too.


Scan for free to see your website’s GDPR compliance level


Try Cookiebot CMP free for 30 days – or forever if you have a small website.



The new 2020 Swiss Data Protection Act (FADP) will come into force in 2022 without a grace period.

The new 2020 Swiss Data Protection Act (FADP) will come into force in 2022 without a grace period.



Switzerland’s Data Protection Act (FADP), quick breakdown –


Scan for free to see your website’s GDPR compliance level


Try Cookiebot CMP free for 30 days – or forever if you have a small website.


Swiss FADP compliance with Cookiebot CMP


Cookiebot CMP is a world-leading solution for making your website compliant with major data privacy laws, including the EU’s GDPR, Switzerland’s FADP, California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA and many others.

Built around an unrivalled scanning technology that is able to scan and find all cookies and similar trackers in use on your website, Cookiebot CMP provides full transparency and control to your end-users, allowing them to make an easy and fast choice of consent, and enabling complete compliance for your website in the meantime.

Balance data privacy and data-driven business on your website with highly customizable consent interfaces, automatically generated cookie policies and regular renewal of end-user consent.

The geotargeting feature of Cookiebot CMP automatically determines where in the world a user of your website is located, e.g. in the EU or in Switzerland, and presents the correct compliance solution automatically.

The geotargeting feature of Cookiebot CMP automatically determines where in the world a user of your website is located, e.g. in the EU or in Switzerland, and presents the correct compliance solution automatically.


The new Swiss Data Protection Act (FADP), in detail


Let’s have a closer look at the Swiss FADP and its requirements for your website.


Swiss FADP on consent, pre-ticked boxes and cookie walls

Under Switzerland’s Data Protection Act (FADP), websites that process personal data from users inside Switzerland must first obtain the prior, freely given, informed and explicit consent from those users in order to do so.

This includes cookies that are not strictly necessary for the basic function of your website, but which process personal data for other purposes, such as analytics or marketing.

Consent to cookies is only valid if it is a real choice, i.e. if the user consents without coercion, pressure or other external influence. This means that a user who refuses a cookie that requires consent should not be denied certain services or benefits, such as access to the site.

When a user refuses cookies, they should not be exposed to any negative consequences and should be able to continue accessing the website.

Like the EU’s GDPR, the Swiss FADP requires that end-user consent to cookies be specific, i.e. the user's consent must be sought for each type of purpose pursued by cookies.

Consent cannot be given for a general use of all cookies without further specification of what data is collected via those cookies and for what purposes. Rather, the Swiss FADP requires a more detailed choice than a simple "all or nothing", i.e. consent for each category of cookies.

Under the Swiss FADP, users should be as easily able to withdraw their consent as they were in giving it.



The Swiss FADP breaks with its older 1992 version to provide EU-adequate data protection level.

The Swiss FADP breaks with its older 1992 version to provide EU-adequate data protection level.



Consent information should be visible, complete and noticeable. It should be written in simple terms that any user can understand and be available in all the languages of the website, e.g. if the website is aimed at a French- and German-speaking audience, the information on the consent banner should be written both in French and in German.

This information is usually grouped in a website’s cookie policy and should include:


Get an automatic cookie policy with Cookiebot CMP


Try Cookiebot CMP free for 30 days – or forever if you have a small website.


FDPIC recommendations on web tracking in Switzerland


In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) is responsible for monitoring the compliance of companies and organisations with the Federal Data Protection Act (FADP)

The FDPIC has published guides for how your website use web-tracking tools to monitor user activity on your domain in a way that is compliant with the Swiss FADP.

Your website’s end-users must be informed in a transparent manner about the fact that their personal data is collected, the purpose of the data processing, the analysis of the data and the possibilities given to the user to object to tracking.


Learn more about how to make a cookie policy for your website


In the case of sensitive personal data, end-users must explicitly confirm that they have been informed and that they agree to web-tracking, for example by a mouse click.

The FDPIC states that you, as website owner or operator, are responsible for any processing of personal data from individuals inside Switzerland, even if you are using web tracking service providers. Additionally, the FDPIC points out that even the processing of a user's IP address is subject to the Federal Data Protection Act, since this address is considered personal data.

The FDPIC also states that when using cookies for web-tracking purposes, a website operator must take into account the requirements of the ePrivacy Directive of the European Parliament and of the Council concerning the processing of personal data as well as the protection of privacy in the electronic communications sector.

Are you unsure whether your website complies with the ePrivacy Directive? Test your website for free with the Cookiebot CMP compliance test.


Transfer of personal data between the EU, the US and Switzerland

On 16 July 2020, the Court of Justice of the European Union (CJEU) ended the Privacy Shield, which until then allowed data transfers from the EU to the US.

The CJEU requires data controllers to assess the level of data protection in the recipient's country and suspend the transfer if such country is found to be inadequate. EU-Swiss transfers are also subject to these requirements as well.



The EU-US and Switzerland-US Privacy Shield has been deemed inadequate.

The EU-US and Switzerland-US Privacy Shield has been deemed inadequate.



On 8 September 2020, following an evaluation of the EU-US Privacy Shield, the Federal Data Protection and Information Commissioner (FDPIC) also declared the Swiss-US transfer regime inadequate.

In line with the CJEU, the FDPIC found that the level of data protection in the US was insufficient and the transfer mechanism under the Swiss-US Privacy Shield was invalidated.


Learn more about the Switzerland-US Privacy Shield decision


Google Consent Mode and Cookiebot CMP

With Google Consent Mode and Cookiebot CMP, you can make all your website’s Google-services run based on the consent state of your end-users – full GDPR compliance with optimized analytics data and ads revenue through in one simple solution.

Cookiebot CMP manages the consent of your website’s users, and communicates the consent states to the API running Google Consent Mode which then governs all your favorite services (like Google Analytics and Google Ads) based on the consent state of each individual user on your website.

Did a user not consent to statistics or marketing cookies? Cookiebot CMP informs Google Consent Mode which then makes sure that you still get aggregate and non-identifying insights into your website’s performance and the possibility of showing contextual ads instead of targeted ads – respecting user privacy while optimizing your website.

With Cookiebot CMP and Google Consent Mode, get instant and simple GDPR compliance plus optimized analytics data and ads revenue in one solution.


Get started with Google Consent Mode


Scan your website for free to see what cookies and trackers are in use


Try Cookiebot CMP free for 30 days – or forever if you have a small website.


Swiss FADP, summarized


In this blogpost, we looked at the new Swiss FADP, coming into effect in 2022, and its requirements for your website’s use of cookies and trackers that process personal data from users inside Switzerland.

Formed in the shape of the EU’s GDPR and adopting a lot of its core definitions, the Swiss FADP is a consent-centric data privacy law that requires your website to obtain the explicit “yes” or “no” to cookies and trackers on your domain from each end-user that you process personal data from.

Like its EU sibling, it also comes with several other requirements for your website, e.g. to have an up-to-date cookie policy available to your end-users and to renew consents on a regular basis.

Cookiebot CMP is a plug-and-play solution that automated this entire process for you – simply sign up and implement Cookiebot CMP straight from the cloud with a few lines of JavaScript.


FAQ



What is the Swiss Data Protection Act (FADP)?

The Swiss FADP is the data privacy law of Switzerland which regulates the processing of personal data from individuals inside Switzerland. It requires any website in the world with users from inside Switzerland to first obtain their explicit consent before processing any personal data from them.

Try Cookiebot CMP free for compliance with the Swiss FADP


Is Switzerland covered by the GDPR?

Yes, if your website located inside Switzerland processes personal data from users inside the EU, the General Data Protection Regulation (GDPR) applies and you are required to obtain the prior consent before being legally allowed to process or share any personal data.

Try Cookiebot CMP free for 30 days... or forever if you have a small website.


Does Switzerland have an EU adequacy decision?

Yes, Switzerland is among the countries that the EU has granted an adequacy decision to, meaning that the EU has deemed Switzerland’s level of data protection as essentially equivalent and ensuring the continued free flow of personal data across the two regions.

Scan your website for free to see all cookies and trackers in use


What is a Swiss FADP compliant cookie banner?

A consent banner on your website should contain easy-to-understand information about your website's cookie settings and personal data processing practices. A valid consent banner should not have pre-checked checkboxes (cookies enabled by default), should not push or force users to give consent (cookie walls), and should not interpret user activity such as scrolling or continuing to browse the domain as consent.

Try Cookiebot CMP free for 30 days – or forever if you have a small website.


Are cookie walls legal in Switzerland?

There is no special legislation on cookie walls in Switzerland. However, as many Swiss websites receive users from the EU, it is recommended for Swiss websites to follow the European Data Protection Board (EDPB) guidelines on valid consent in the EU, which define that cookie walls that condition consent on access to a website are an unlawful means of obtaining consent. Instead, consent must be granular and freely given. Users should be able to choose between some cookies and not others when giving consent.

Try Cookiebot CMP free for 30 days – or forever if you have a small website.


Resources


What is the GDPR?

GDPR and cookie consent

EDPB guidelines on cookies and other trackers

ePrivacy Directive

Website of the Federal Data Protection and Information Commissioner (FDPIC)

FDPIC explanation of webtracking (in French)

Federal Data Protection Act (FADP) (in French)

CNIL guidelines on the use of cookies in France (in French)

Planet49 and valid cookie consent in the EU

Cookiebot™ & Usercentrics 

Usercentrics & Cookiebot™ unite

Make your website’s use of cookies and online tracking compliant today

Try for free