On 31 March 2026, the Federal Data Protection and Information Commissioner (FDPIC) published a reminder concerning the use of cookies and online tracking technologies.
This document provides guidance for websites operating in Switzerland and their visitors. It focuses on how these tools are used to collect and process users’ data, as well as on the legal obligations relating to consent. In particular, the FDPIC distinguishes between cookies that are necessary for the functioning of the website, analytics cookies and profiling cookies, explaining the differences in legal requirements depending on the type of cookie used.
The Swiss approach: “opt-out” rather than explicit consent
The reminder highlights that the Swiss legal framework is more flexible than the EU framework, favouring an “opt-out” mechanism as opposed to the explicit consent required under the GDPR.
Unlike EU Member States, where the GDPR requires the user’s explicit consent before cookies are used, Switzerland applies a less stringent approach. On the basis of the Federal Act on Data Protection (FADP) and Article 45c of the Telecommunications Act (TCA), the FDPIC reiterates that the use of cookies in Switzerland is permitted, provided that an “opt-out” mechanism is available. In practice, users may access and browse a website while implicitly accepting the use of cookies, unless they choose to disable them. This possibility to object to processing through cookies is precisely what is meant by “opt-out”.
The consent requirement
Although the general approach is based on the possibility to refuse cookies through an “opt-out” mechanism, there are exceptions. The Federal Commissioner indicates that, under Swiss law, explicit consent is required where data processing through cookies is considered unexpected, high-risk or concerns particularly sensitive data. In such cases, the website must obtain explicit confirmation from the user before proceeding.
Swiss websites adapt to European standards
Although the Swiss legal framework provides for a less restrictive approach than the European one, many Swiss websites have decided to align themselves with EU rules. As a result, it is now common to find consent banners offering users several options. The FDPIC’s reminder lists three options: “Accept all”, “Customise settings” and “Reject all”. These banners allow users to freely express their cookie preferences, in compliance with the principles of transparency and data protection.
Online privacy: be appropriate, transparent and compliant
The FDPIC reminder of 31 March 2026 represents an essential clarification for those managing websites in Switzerland. Despite the greater flexibility compared with the GDPR, the voluntary alignment of many Swiss websites with European standards reflects increasing attention to users’ privacy. Website operators are encouraged to review their practices in order to ensure transparency and compliance, and to consult the official document to avoid sanctions. In an increasingly pervasive digital era, these guidelines strengthen trust between users and platforms.
