# Swiss Cookie Law Requirements — 2paraglide Compliance Guide

**Date:** April 8, 2026  
**Applicable Law:** Swiss Federal Act on Data Protection (FADP) + revised nFADP  
**Status:** Legal guidance — Consult a Swiss attorney for confirmation

---

## 🎯 Quick Answer

### **Do you need a cookie banner in Switzerland?**

**YES — Most likely you do need a cookie consent banner.**

**Why:**
- Swiss law (revised FADP/nFADP effective September 1, 2023) requires **consent for non-essential cookies**
- Switzerland has aligned more closely with EU GDPR standards
- Tracking cookies, analytics cookies, and marketing cookies require explicit consent
- Essential cookies (strictly necessary for site function) do NOT require consent

---

## 📋 Swiss Cookie Law Overview

### 1. Legal Framework

#### **Swiss Federal Act on Data Protection (nFADP)**
- **Effective Date:** September 1, 2023 (revised version)
- **Key Change:** Stricter consent requirements, aligned more closely with EU GDPR
- **Cookie Relevance:** Cookies that track personal data require user consent

#### **Key Legal Principles:**

**Art. 6 nFADP - Principles**
- **Lawfulness:** Data processing must be lawful and fair
- **Transparency:** Users must be informed about data processing
- **Purpose Limitation:** Data collected only for specified purposes

**Art. 31 nFADP - Consent**
- Consent must be **freely given**
- Consent must be **specific** (not bundled)
- Consent must be **informed** (clear explanation)
- Consent must be **unambiguous** (clear affirmative action)

**Art. 19 nFADP - Information Obligations**
- Must inform users about data processing
- Must inform users about their rights
- Must provide contact information for data controller

---

## 🍪 Cookie Categories & Consent Requirements

### Category 1: Essential/Strictly Necessary Cookies
**Examples:**
- Session cookies (user login state)
- Shopping cart cookies
- Security/authentication cookies
- Load balancing cookies

**Consent Required?** ❌ **NO**  
**Why:** Necessary for website to function properly  
**Legal Basis:** Legitimate interest (Art. 31 para. 2 lit. a nFADP)

**For 2paraglide:**
- Login session cookies ✅ (no consent needed)
- Booking cart cookies ✅ (no consent needed)

---

### Category 2: Functional Cookies
**Examples:**
- Language preference
- Currency preference
- User interface preferences
- Remember me functionality

**Consent Required?** ⚠️ **GRAY AREA** (Best practice: ask for consent)  
**Why:** Enhances user experience but not strictly necessary  
**Recommendation:** Include in consent banner to be safe

**For 2paraglide:**
- Language selection (EN/DE/FR/IT) — Best practice: ask consent
- Map view preference (street/satellite) — Best practice: ask consent

---

### Category 3: Analytics/Performance Cookies
**Examples:**
- Google Analytics
- Hotjar
- Mixpanel
- Matomo (Piwik)

**Consent Required?** ✅ **YES**  
**Why:** Tracks user behavior, collects personal data  
**Legal Basis:** Explicit consent required (Art. 31 nFADP)

**For 2paraglide:**
- If you use Google Analytics → **Consent required**
- If you use heatmaps (Hotjar) → **Consent required**
- Internal analytics tracking → **Consent required**

---

### Category 4: Marketing/Advertising Cookies
**Examples:**
- Google Ads
- Facebook Pixel
- Retargeting pixels
- Affiliate tracking

**Consent Required?** ✅ **YES**  
**Why:** Tracks users for advertising purposes  
**Legal Basis:** Explicit consent required (Art. 31 nFADP)

**For 2paraglide:**
- Facebook Pixel → **Consent required**
- Google Ads conversion tracking → **Consent required**
- Retargeting campaigns → **Consent required**

---

### Category 5: Third-Party/Social Media Cookies
**Examples:**
- Embedded YouTube videos
- Facebook like buttons
- Twitter widgets
- Google Maps (with tracking)

**Consent Required?** ✅ **YES** (if they track users)  
**Why:** Third parties collect user data  
**Legal Basis:** Explicit consent required (Art. 31 nFADP)

**For 2paraglide:**
- Leaflet maps (OpenStreetMap) → ❌ No consent (no tracking)
- Google Maps embedded → ⚠️ Check if tracking enabled
- Social share buttons → Check provider's tracking

---

## 🇨🇭 Swiss Law vs EU GDPR

### Similarities
✅ Both require explicit consent for non-essential cookies  
✅ Both require clear, informed consent  
✅ Both have right to withdraw consent  
✅ Both require transparency about data processing  

### Differences
⚠️ **FADP is less strict than GDPR** in some areas:
- Smaller fines (FADP: up to CHF 250,000 vs GDPR: up to €20M or 4% revenue)
- Enforcement is less aggressive in Switzerland than in the EU
- Some gray areas in Swiss law vs clearer GDPR guidance

### Practical Implication for 2paraglide
**Recommendation:** Follow GDPR-style cookie consent to be safe  
**Why:** If you ever expand to the EU, you'll already be compliant

---

## 🚨 What Happens If You Don't Have a Cookie Banner?

### Potential Consequences

**1. Legal Risk**
- Violation of FADP (Art. 31 - consent requirement)
- Federal Data Protection and Information Commissioner (FDPIC) can investigate
- Fines: Up to **CHF 250,000** per individual responsible (not company)

**2. Reputation Risk**
- Modern users expect cookie banners
- Lack of banner looks unprofessional
- Privacy-conscious customers may distrust your platform

**3. Business Risk**
- If expanding to EU: GDPR violations (up to €20M fines)
- Apple/Google may flag your app in app stores
- Advertising partners (Google/Facebook) require compliance

### Likelihood of Enforcement in Switzerland
⚠️ **Medium Risk:**
- FDPIC is not as aggressive as EU authorities
- But high-profile cases do get investigated
- Swiss citizens are privacy-conscious and may complain

**Recommendation:** Better safe than sorry — implement cookie banner

---

## ✅ What 2paraglide Needs to Do

### Current Situation Analysis

**Likely Current Cookie Usage:**
1. **Session cookies** for user login ✅ (no consent needed)
2. **Booking cookies** for cart/booking flow ✅ (no consent needed)
3. **Analytics?** (Google Analytics, Mixpanel, etc.) → ⚠️ **Consent required**
4. **Marketing pixels?** (Facebook, Google Ads) → ⚠️ **Consent required**
5. **Third-party embeds?** (YouTube, social widgets) → ⚠️ Check tracking

### Required Actions

#### **Minimum Compliance (Swiss Law)**

1. **Cookie Policy Page** — Explain what cookies you use
2. **Cookie Consent Banner** — If you use analytics/marketing cookies
3. **Privacy Policy Update** — Include cookie information
4. **Opt-Out Mechanism** — Allow users to withdraw consent

#### **Best Practice (GDPR-Style)**

1. **Cookie Consent Banner** with:
   - Clear explanation of cookie categories
   - Granular controls (accept all / reject all / customize)
   - Easy opt-out anytime
   
2. **Cookie Policy** with:
   - List of all cookies used
   - Purpose of each cookie
   - Retention period
   - Third parties involved

3. **Technical Implementation:**
   - Block non-essential cookies until consent given
   - Store user consent preference
   - Respect "Do Not Track" browser signals

---

## 🛠️ Implementation Recommendations for 2paraglide

### Option 1: Simple Banner (Minimal Compliance)

**If you only use essential cookies:**
- No banner needed
- Just add cookie information to Privacy Policy
- Cost: CHF 0
- Time: 1 hour

**If you use analytics/marketing cookies:**
- Simple banner: "We use cookies. [Accept] [Settings]"
- Cost: CHF 0 (free tools available)
- Time: 2-4 hours

### Option 2: Full Compliance Banner (Recommended)

**Features:**
- Categories: Essential, Functional, Analytics, Marketing
- Granular controls (accept/reject by category)
- Persistent preference storage
- Easy to customize and update

**Tools to Use:**
- **CookieYes** (CHF 0-50/month) — GDPR/FADP compliant
- **Cookiebot** (CHF 0-100/month) — Automatic cookie scanning
- **OneTrust** (Enterprise, expensive) — Full compliance suite
- **Custom solution** — Build your own

**Cost:** CHF 0-50/month  
**Time:** 4-8 hours implementation  

### Option 3: Custom Implementation (Full Control)

**Build your own cookie consent banner:**
- Full design control
- No third-party dependencies
- Complete customization

**Cost:** CHF 2,000-5,000 (developer time)  
**Time:** 1-2 weeks  

---

## 📝 Sample Cookie Categories for 2paraglide

### What to Include in Your Cookie Policy

**Category 1: Strictly Necessary Cookies**
| Cookie Name | Purpose | Duration | Provider |
|-------------|---------|----------|----------|
| `session_id` | User login state | Session | 2paraglide |
| `booking_cart` | Booking information | 24 hours | 2paraglide |
| `csrf_token` | Security/CSRF protection | Session | 2paraglide |

**Category 2: Functional Cookies**
| Cookie Name | Purpose | Duration | Provider |
|-------------|---------|----------|----------|
| `language` | Preferred language | 1 year | 2paraglide |
| `currency` | Preferred currency | 1 year | 2paraglide |
| `map_view` | Map view preference | 1 year | 2paraglide |

**Category 3: Analytics Cookies** (if used)
| Cookie Name | Purpose | Duration | Provider |
|-------------|---------|----------|----------|
| `_ga` | Google Analytics tracking | 2 years | Google |
| `_gid` | Google Analytics session | 24 hours | Google |
| `_gat` | Google Analytics throttling | 1 minute | Google |

**Category 4: Marketing Cookies** (if used)
| Cookie Name | Purpose | Duration | Provider |
|-------------|---------|----------|----------|
| `_fbp` | Facebook Pixel tracking | 3 months | Meta/Facebook |
| `IDE` | Google Ads tracking | 13 months | Google |

---

## 🎨 Cookie Banner Design Recommendations

### UX Best Practices

**1. Position:**
- Bottom of screen (most common, least intrusive)
- OR: Centered modal overlay (more prominent)

**2. Content:**
- **Headline:** "We use cookies 🍪"
- **Explanation:** "We use cookies to improve your experience and analyze site traffic."
- **Buttons:** [Accept All] [Reject All] [Customize]
- **Link:** "Cookie Policy" and "Privacy Policy"

**3. Style:**
- Match 2paraglide design (dark forest green theme)
- Clear, readable text
- Accessible (keyboard navigation, screen reader friendly)

**4. Mobile-Friendly:**
- Responsive design
- Touch-friendly buttons
- Not blocking critical content

### Example Banner Text

```
🍪 We use cookies

We use cookies to provide essential site functionality, 
analyze site usage, and improve your experience.

[Accept All] [Reject Non-Essential] [Cookie Settings]

Learn more in our Cookie Policy and Privacy Policy.
```

---

## 📋 Implementation Checklist

### Phase 1: Cookie Audit (Week 1)

- [ ] **Audit current cookies:** Check browser DevTools → Application → Cookies
- [ ] **Identify sources:** Session, analytics, marketing, third-party
- [ ] **Categorize cookies:** Essential, functional, analytics, marketing
- [ ] **Document cookies:** Create cookie inventory (name, purpose, duration, provider)

### Phase 2: Legal Documentation (Week 1)

- [ ] **Create Cookie Policy page** (`cookie-policy.html`)
- [ ] **Update Privacy Policy** to include cookie information
- [ ] **Add to footer:** Link to Cookie Policy
- [ ] **Swiss attorney review:** Confirm compliance with FADP

### Phase 3: Technical Implementation (Week 2)

- [ ] **Choose solution:** CookieYes / Cookiebot / Custom
- [ ] **Implement banner:** Display on first visit
- [ ] **Block non-essential cookies:** Until consent given
- [ ] **Store consent:** Save user preference (cookie or localStorage)
- [ ] **Respect consent:** Load analytics/marketing only if accepted

### Phase 4: Testing (Week 2)

- [ ] **Test banner display:** First visit, returning users
- [ ] **Test consent flow:** Accept, reject, customize
- [ ] **Test cookie blocking:** Verify non-essential cookies blocked
- [ ] **Test all pages:** Ensure banner works everywhere
- [ ] **Test browsers:** Chrome, Safari, Firefox, Edge
- [ ] **Test mobile:** iOS Safari, Android Chrome
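
The "block until consent" and "verify non-essential cookies blocked" items from Phases 3 and 4 can be checked with a small consent gate and cookie audit. This is an added example, not 2paraglide's code or any consent tool's API. The cookie names come from this guide's sample inventory; the consent-record shape, the function names, and the rule that Do Not Track overrides analytics/marketing opt-ins are assumptions.

```javascript
// Cookie names and categories follow this guide's sample inventory.
const INVENTORY = {
  session_id: "essential", booking_cart: "essential", csrf_token: "essential",
  language: "functional", currency: "functional", map_view: "functional",
  _ga: "analytics", _gid: "analytics", _gat: "analytics",
  _fbp: "marketing", IDE: "marketing",
};
const OPTIONAL = ["functional", "analytics", "marketing"];

// Turn the stored preference (JSON string or null) into the set of allowed
// categories. Anything missing, malformed, or not literally `true` is denied,
// so a corrupted or tampered record fails closed.
function allowedCategories(storedConsent, doNotTrack) {
  const allowed = new Set(["essential"]);
  let record = null;
  try { record = storedConsent ? JSON.parse(storedConsent) : null; } catch { record = null; }
  if (record === null || typeof record !== "object") return allowed; // no choice yet
  for (const cat of OPTIONAL) {
    // Assumption: a Do Not Track signal blocks analytics and marketing.
    const dntBlocks = doNotTrack === "1" && cat !== "functional";
    if (record[cat] === true && !dntBlocks) allowed.add(cat);
  }
  return allowed;
}

// Gate to call before injecting a tag, e.g.
// shouldLoad("analytics", localStorage.getItem("consent"), navigator.doNotTrack)
function shouldLoad(category, storedConsent, doNotTrack) {
  return allowedCategories(storedConsent, doNotTrack).has(category);
}

// Audit a document.cookie-style string: report every cookie whose category
// has not been consented to. Names missing from the inventory are reported
// as "unknown" so a newly added third-party script is noticed.
function auditCookies(cookieHeader, storedConsent, doNotTrack) {
  const allowed = allowedCategories(storedConsent, doNotTrack);
  const findings = [];
  for (const part of cookieHeader.split(";")) {
    const name = part.split("=")[0].trim();
    if (!name) continue;
    const known = Object.prototype.hasOwnProperty.call(INVENTORY, name);
    const category = known ? INVENTORY[name] : "unknown";
    if (!allowed.has(category)) findings.push({ name, category });
  }
  return findings;
}

// Constructed sample: a first visit where tags fired before any consent.
const SAMPLE = "session_id=abc; language=de; _ga=GA1.2.1; _fbp=fb.1.2; tracker_x=1";
console.log(auditCookies(SAMPLE, null, null));
```

An empty result from `auditCookies` on a fresh profile, before any banner interaction, is the pass condition for the cookie-blocking test.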

### Phase 5: Launch (Week 3)

- [ ] **Deploy to production**
- [ ] **Monitor consent rate:** Track % of users accepting/rejecting
- [ ] **Customer feedback:** Address any complaints
- [ ] **Analytics impact:** Measure impact on analytics data (expect 20-40% drop)

---

## 💰 Cost Estimate

### Cookie Compliance Implementation

| **Item** | **Cost** | **Timeline** |
|----------|----------|--------------|
| **Cookie audit** | CHF 0 (internal) | 2 hours |
| **Cookie policy creation** | CHF 500-1,000 (legal) | 1 day |
| **Privacy policy update** | CHF 300-500 (legal) | 1 day |
| **Banner tool subscription** | CHF 0-50/month | Ongoing |
| **Implementation** | CHF 1,000-2,000 (dev) | 1 week |
| **Testing** | CHF 500 (QA) | 2 days |
| **Attorney review** | CHF 500-1,000 | 1 week |
| **TOTAL** | **CHF 2,800-5,050 + CHF 0-50/month** | **2-3 weeks** |

---

## 🔍 Recommended Cookie Consent Tools

### 1. **CookieYes** (Recommended for 2paraglide)
- **Price:** Free for <25k page views/month, then CHF 9-49/month
- **Pros:** FADP/GDPR compliant, easy setup, auto-scanning
- **Cons:** Branding on free plan
- **Website:** cookieyes.com

### 2. **Cookiebot**
- **Price:** Free for <50 pages, then CHF 20-100/month
- **Pros:** Automatic cookie detection, 40+ languages, white-label
- **Cons:** More expensive
- **Website:** cookiebot.com

### 3. **OneTrust**
- **Price:** Enterprise pricing (CHF 500-2,000+/month)
- **Pros:** Complete compliance suite, used by Fortune 500
- **Cons:** Overkill for small platform, very expensive
- **Website:** onetrust.com

### 4. **Custom Solution**
- **Price:** CHF 2,000-5,000 (one-time development)
- **Pros:** Full control, no ongoing fees, custom design
- **Cons:** Maintenance burden, need to update for law changes
- **When to use:** If budget allows and you want full ownership

---

## 🎯 Recommendation for 2paraglide

### **Recommended Approach:**

**Option: CookieYes Free/Paid + Custom Cookie Policy**

**Why:**
- Cost-effective (CHF 0-49/month)
- FADP/GDPR compliant out-of-the-box
- Quick implementation (1 week)
- Automatic cookie scanning
- Easy to update as you add new cookies

**Implementation Plan:**
1. **Week 1:** Cookie audit + legal documentation (cookie policy)
2. **Week 2:** CookieYes setup + integration
3. **Week 3:** Testing + attorney review + launch

**Total Cost:** CHF 2,800-5,050 + CHF 0-49/month  
**Total Time:** 2-3 weeks  

---

## ⚠️ Important Considerations

### 1. Impact on Analytics

**Expected Impact:**
- **30-50% of users will reject analytics cookies** (industry average)
- Your Google Analytics data will be less complete
- Consider server-side analytics for essential metrics

**Mitigation:**
- Use essential metrics only (server logs: page views, conversions)
- Focus on conversion tracking (bookings) vs vanity metrics
- Consider privacy-friendly analytics (Plausible, Fathom)

### 2. Impact on Marketing

**Expected Impact:**
- **Facebook Pixel / Google Ads tracking will be limited**
- Retargeting campaigns less effective
- Attribution tracking less accurate

**Mitigation:**
- Use first-party data (email, phone) for retargeting
- Focus on contextual advertising vs behavioral
- Consider Conversion API (server-to-server tracking)

### 3. User Experience

**Expected Impact:**
- Cookie banner is one more step for users
- Some users find it annoying
- But most users expect it now (standard practice)

**Mitigation:**
- Make banner non-intrusive (bottom corner)
- Don't force accept (allow reject/close)
- Remember preference (don't show again)

---

## 📞 Next Steps

### Immediate Actions

1. **Executive Decision:** Approve cookie compliance project
   - Budget: CHF 2,800-5,050 + CHF 0-49/month
   - Timeline: 2-3 weeks

2. **Cookie Audit:** Check current site for cookies
   - Open Chrome DevTools → Application → Cookies
   - Document all cookies currently in use

3. **Legal Consultation:** Ask Swiss attorney
   - Confirm FADP requirements for your specific use case
   - Review cookie policy draft

4. **Choose Solution:** CookieYes vs Cookiebot vs Custom

5. **Schedule Implementation:** Add to development roadmap

---

## 📚 Reference Links

### Swiss Law
- [Swiss Federal Act on Data Protection (FADP)](https://www.fedlex.admin.ch/eli/cc/1993/1945_1945_1945/en)
- [Swiss FDPIC (Data Protection Authority)](https://www.edoeb.admin.ch/edoeb/en/home.html)

### Tools
- [CookieYes](https://www.cookieyes.com/)
- [Cookiebot](https://www.cookiebot.com/)
- [OneTrust](https://www.onetrust.com/)

### Guides
- [FDPIC Guide to FADP](https://www.edoeb.admin.ch/edoeb/en/home/data-protection/grundlagen.html)
- [Swiss vs GDPR Comparison](https://www.dlapiper.com/en/insights/publications/2020/07/switzerland-new-federal-act-on-data-protection)

---

## ✅ Summary

### **Do you need a cookie banner?**

**YES — If you use:**
- ✅ Google Analytics or other analytics
- ✅ Facebook Pixel or marketing pixels
- ✅ Retargeting / advertising cookies
- ✅ Third-party tracking tools

**NO — Only if you use:**
- ❌ Essential session/auth cookies only
- ❌ No tracking whatsoever

### **Recommendation for 2paraglide:**

**Implement a FADP-compliant cookie consent banner using CookieYes.**

**Why:**
1. Professional standard practice
2. Required by Swiss law (if using analytics/marketing)
3. Low cost (CHF 0-49/month)
4. Quick implementation (1 week)
5. Future-proof (GDPR compliant if expanding to EU)

**Next Step:** Audit your current cookies to determine exact requirements.

---

**Document Version:** 1.0  
**Created:** April 8, 2026  
**Status:** Legal guidance — Consult a Swiss attorney for confirmation  
**Review:** Recommend annual review as Swiss law evolves

---

**Questions?** Email: legal@2paraglide.com

**⚠️ DISCLAIMER:** This document provides general guidance on Swiss cookie law. It is not legal advice. Consult a qualified Swiss attorney specializing in data protection law (FADP) for advice specific to your situation.
