Cookies and similar technologies: Swiss FDPIC factsheet highlights practical compliance implications

19.05.2026

The latest factsheet on cookies from the FDPIC looks beyond banners to expose how today’s tracking ecosystem really works. This article breaks down the practical legal implications for website operators in Switzerland, explaining why meaningful user choice and restraint in tracking are more important than ever.

On 31 March 2026, the Swiss Federal Data Protection and Information Commissioner (FDPIC) published a factsheet on the use of cookies and similar technologies as part of its awareness campaign. Although the document is primarily addressed to internet users, it also contains practical signals for website operators and organizations more broadly.

A particularly useful aspect of the factsheet is that it does not look at cookies in isolation. Rather, it makes clear that cookies form only one part of a broader tracking ecosystem. The FDPIC expressly refers not only to cookies, but also to tracking pixels and web beacons, local storage, device fingerprinting and advertising identifiers in mobile environments. Taken together, these technologies can enable extensive tracking, profiling and targeted messaging, including for advertising and political campaigning.

The factsheet also distinguishes between different categories of use, namely strictly necessary cookies, limited analytical or performance cookies, and marketing or targeting cookies, often involving third parties. At the same time, it underlines that, irrespective of the business model, the applicable legal framework must be complied with, in particular from a data protection perspective.

From a Swiss legal perspective, the document is a welcome reminder that the use of cookies and similar technologies must be assessed under a dual legal framework. On the one hand, the Federal Act on Data Protection (FADP) governs the processing of personal data. On the other hand, Article 45c of the Telecommunications Act regulates the storage of and access to data on end-user devices (“Processing of data on external equipment by means of transmission using telecommunications techniques is permitted only i) for telecommunications services and charging purposes; or ii) if users are informed about the processing and its purpose and are informed that they may refuse to allow processing”). Any meaningful legal analysis in Switzerland should take both regimes into account.

The factsheet also usefully confirms the established Swiss approach. While European law generally requires prior explicit consent for the use of cookies, except for those that are strictly necessary, Swiss law places greater emphasis on transparent information and the user’s right to object. This distinction remains important in practice and should not be blurred in compliance assessments.

Although framed as user guidance, the document also sends clear practical compliance signals to controllers. In substance, they point towards a number of concrete expectations: websites and digital services should explain clearly how personal data is used; cookie settings should offer genuine and granular choices rather than default “accept all” options; opt-out mechanisms should be visible and effective, including in relation to third-party technologies; users should be able to revisit and modify their choices easily; and tracking setups should be designed in line with the principles of transparency and data minimization.

The awareness-oriented character of the factsheet is also notable. As a follow-up to the FDPIC’s 2025 cookies guide, it seeks to encourage a broader audience to exercise control over its digital footprint and to avoid systematically consenting to all cookies without reflection. In that sense, the document is not only legally relevant, but also part of a broader effort to promote more restrained and data-minimalist tracking practices.

In short, the factsheet reinforces a point that remains highly relevant in practice: cookie compliance in Switzerland is not about formal banner design alone, but about transparency, meaningful user choice and a restrained approach to tracking.

Find the link to the factsheet here: Factsheet on the use of cookies and similar technologies

Find the link to the FDPIC cookies guidelines of 6 October 2025 here: Guidelines on data processing using cookies and similar technologies

 

Article provided by INPLP members: Lukas Bühlmann and Michael Reinle (MLL Legal, Switzerland)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.