ENG

Switzerland

Can you place cookies without consent?

Yes, in principle.

Swiss law requires that the user of the device (on which the cookies will be placed) be informed:

  • about the use of cookies;
  • about the purpose for which the cookies are used; and
  • that they can refuse the use of cookies.

The same rule applies to similar technologies, which store data on a device.

However, consent may be required based on data protection law. Whether consent is required depends on the concrete facts of the case in question (e.g. purpose of processing, scope of data collected, transfers to third parties, etc.)

Are cookie rules (whether specific or within general data protection laws) followed in practice?

Not consistently. In a considerable number of cases, the relevant regulation of the European Union (i.e. PECR) is followed. However, in other cases, there is no compliance with the applicable rules.

Are there any exemptions if consent is required?

N/A

Can you place the following cookies automatically:

i. Analytics cookies, ii. Advertising cookies, iii. Social media cookies

Yes, provided that the processing of personal data complies with general data protection principles (transparency, proportionality, data minimization, etc.).

For advertising cookies and social media cookies, we generally recommend obtaining consent.

Are you able to gain consent without a user ticking ‘accept’, i.e., imply consent from a user continuing to browse the site?

Implied consent is acceptable in principle. However, processing of sensitive data and high-risk profiling activities require explicit consent. Generally, we recommend against relying on implied consent.

Can you set cookies without a cookie notice? 

No. While there is no explicit requirement to have a "cookie notice" as such (or to call it "cookie notice"), there are certain minimum information requirements that must be fulfilled (see answer to question 1).

Can you set cookies without a cookie banner/ management tool?

Yes, while we recommend having a cookie banner (and it is best practice/ market standard), there is no explicit requirement.

Are you able to use cookie walls? 

Yes, in principle.

It is possible that the data subject would argue that the consent was not freely given. However, the associated risk appears to be low (there is currently little to no enforcement in this regard and we do not expect this to change in the foreseeable future).

Is the local regulator currently enforcing decisions against breaches of cookie rules?

While enforcement is not excluded in theory, we see very little enforcement actions.

Are there any current consultations relating to ad tech/cookies?

There are no such ongoing (or announced) consultations.

Are there any anticipated changes to the rules and/ or have there been changes to the attitudes in the market (for example, case law or industry body decisions)?

There are no anticipated changes to the statutory rules.

Please note that the Swiss Federal Data Protection and Information Commissioner (which is the Swiss Federal Supervisory Authority in data protection matters) has announced its intention to publish guidance on cookies and data protection aspects (such as privacy by design / by default considerations). It is possible that this guidance may lead to a different assessment regarding some of the points mentioned above. While this guidance does not produce immediate legal effect, it is likely that courts would follow it (and therefore, it is recommended to comply with the guidance). The timing regarding this guidance is not clear.

Concerning changes to the attitude of market participants:

Enforcement actions in the EU often lead to changes in behaviour by large multinational organizations. This in turn has knock-on effects to other market participants. As a result of the revised Swiss Data Protection Act (which entered into force on 1 September 2023) There was a significant increase in awareness for the regulation around cookies and a growing alignment with EU requirements (as best practice).