Uses blogger cookies

Opt-in, opt-out: Legally compliant cookies on websites in Switzerland

A guest contribution by lawyer Martin Steiger, Steiger Legal

Those who visit websites outside of Switzerland are increasingly being told that by continuing to use the websites in question, they are tacitly consenting to the use of cookies. Some website operators even ask for express consent to the use of cookies or at least explain how cookies can be deactivated in the browser.

The background to this is the so-called cookie directive of the European Union (EU) from the end of 2009. This directive is also relevant for website operators in Switzerland. Switzerland has had its own cookie regulation since spring 2007, but it is much less restrictive compared to the EU.

An example of the implementation of the cookie policy can be found on the Twitter website:

«In order to make Twitter available to you, we and our partners use cookies on our and other websites. Cookies help to personalize the content of Twitter, to customize Twitter advertisements, to measure their performance and to make Twitter better, faster and safer for you. By using our services, you agree to our use of cookies. »

Opt-in: European Union cookie policy

The so-called cookie directive is the European directive 2009/136 / EC. It came into force on December 19, 2009 and revised the existing European data protection directive for electronic communications (Directive 2002/58 / EC). Since this revision has tightened the legal requirements for the use of cookies in particular, the term cookie guideline is widespread.

In the EU, since the Cookie Directive came into force, cookies may only be used if the users of a website have given their consent after prior notification (opt-in principle, informed consent). This regulation applies not only to cookies, but also to any storage of information on users' end devices and access to such information. These include, for example, so-called flash cookies (Local Shared Objects, LSO) and web storage (DOM Storage).

As an exception, the cookie guideline does not apply to cookies that are absolutely necessary, for example to identify registered users or to manage a shopping cart. Most cookies, however, should not be absolutely necessary, but are mainly used in connection with advertising and for collecting user data.

Implementation of the cookie directive in the EU

The cookie directive has to be implemented by the EU member states, which has not yet happened everywhere. In Germany there is no corresponding national law and how this should be implemented is a matter of dispute within the EU. It is unclear how exactly the consent to the use of cookies must be given. The cookie guideline provides in its - however non-binding - introductory considerations that the implementation «As user-friendly as possible» should take place. National implementations of the cookie directive must therefore stipulate the opt-in principle, but should not disproportionately restrict user-friendliness when surfing websites with cookies.

In practice, an implementation such as that found on Twitter is widespread: users are actively and in advance informed about the use of cookies and asked for their tacit consent to continue using the website they visit. It also explains how cookies can be deactivated in the browser.

Consent to the use of cookies can be given in general and is not necessary for each individual cookie. However, it is not sufficient for consent that the browser generally allows cookies on the device used, because this is the common standard setting and not user consent. In the case of underage users, consent must be given by the legal representative, as in most other legal matters.

Relevance of the cookie policy for Switzerland

As EU law, the cookie directive for website operators in Switzerland is not directly applicable. However, since most Swiss websites are open to users from the EU and use cookies, it is also advisable for website operators in Switzerland to implement the EU cookie directive.

Plugins are available for common content management systems (CMS). For WordPress there are, among other things, “Cookie Notice” and “Cookie Law Info”.

Opt-out: Cookie regulation in Switzerland

The Swiss cookie regulation has been in force since April 1, 2007 and can be found in Art. 45c lit. b of the Telecommunications Act (LTC). So that is "Editing of data on third-party devices by means of telecommunication transmission [...] is only permitted [...] if the users are informed about the processing and its purpose and are advised that they can refuse the processing." A violation of this cookie regulation is considered an administrative offense and can be punished with a fine of up to 5000 francs (Art. 53 LTC).

According to this cookie regulation, website operators in Switzerland must inform their users about cookies used and also state the purpose. It must also be explained how cookies can be rejected, i.e. deactivated in the browser. In contrast to the EU, Switzerland follows the opt-out principle and consent is generally not required. The consent only needs to be express if it is required in exceptional cases for cookies with particularly sensitive personal data or personality profiles (Art. 4 No. 5 DSG).

The cookie regulation in Switzerland does not contain any formal requirements. As a rule, a corresponding note in the data protection declaration, as it is linked on many websites in the footer of individual pages, is sufficient. Concerning the deactivation of cookies, short instructions for the common browsers are user-friendly, but are not compulsory due to the Swiss cookie regulation. Some websites point out that without cookies, not all functions can be used.

Briefly formulated and as part of a website's data protection declaration, the Swiss cookie regulation could be implemented as follows:

"This site uses cookies. Cookies are small text files that are stored permanently or temporarily on your computer when you visit this website. The purpose of the cookies is, in particular, to analyze the use of this website for statistical evaluation and for continuous improvement.

You can deactivate cookies in whole or in part at any time in the settings in your browser. If cookies are deactivated, you may no longer be able to use all the functions of this website. »

Additional information is required for third-party cookies from services such as Google Analytics. Many providers of such services expressly include such a notice in their terms of use.

Recommendations for website operators in Switzerland

  • Always implement the Swiss cookie policy: Operators of websites in Switzerland should at least implement the Swiss cookie regulation. The implementation can take place as part of a data protection declaration and should include information about the use of cookies and their purpose as well as an explanation of an opt-out option. The easiest way to opt out is to refer to the relevant browser settings.
  • If necessary, also implement the European Cookie Directive: Since most Swiss websites are open to users from the EU, it is advisable to implement the EU cookie directive as well. Users should be actively informed about the use of cookies and asked for their at least tacit consent to continue using the website. For further information on the use of cookies, there is a link to a data protection declaration.
  • Consider any third-party cookies: If third-party cookies are used by services such as Google Analytics, additional information is required.

Note: In case of doubt, in the event of ambiguity and for clarifications in individual cases, we recommend that you seek advice from a specialist such as a lawyer.