What Are the FADP Cookie Consent Requirements?
Everything you need to know about FADP cookie consent compliance in 2026. Complete guide covering opt-out requirements, cookie banner elements, consent records, and technical implementation for Switzerland.
Summary
This guide provides comprehensive technical implementation requirements for Switzerland (FADP + TCA). Hybrid model: some cookies allowed under legitimate interest; profiling/marketing require consent. Opt-out always required.
This jurisdiction follows an opt-out consent model, meaning websites can place certain cookies initially but must provide clear mechanisms for users to opt-out of non-essential tracking. Users must be informed about cookies and given easy options to refuse them.
Additional requirements for this jurisdiction include: providing consent banners and privacy information in all required languages, and special protections and consent mechanisms for children's personal data.
Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.
Key Requirements Overview
Technical Requirements
Required Banner Elements
First Layer (Cookie Banner)
- Cookie Notice
- Opt Out Link
- Link Privacy Policy
- Manage Preferences Button
Second Layer (Preferences Modal)
- Granular Purpose Toggles
- Legitimate Interest Explanation
Implementation Guidance
Sites can rely on overriding private interests for certain cookies (similar to GDPR legitimate interest). Audience measurement for site improvement is exempt. Marketing/profiling cookies require consent. Opt-out must always be available and prominent.
Special Protections
Children's Privacy
Special protections for minors; consent mechanisms for under 16.
Sensitive Data
Explicit consent required for sensitive data processing.
Record Keeping Requirements
Required Consent Record Fields
For each consent action, you must maintain records containing:
- Timestamp ISO
- User Choices By Purpose
- Policy Version
- Legitimate Interest Assessment
CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management
Legal References & Resources
Official legal documents and regulatory guidance for this jurisdiction:
Frequently Asked Questions About FADP Cookie Consent
Switzerland (FADP + TCA) is a privacy regulation applicable in Switzerland. Hybrid model: some cookies allowed under legitimate interest; profiling/marketing require consent. Opt-out always required. It requires websites to provide clear mechanisms for users to refuse non-essential cookies (opt-out model).
Yes. Under FADP, websites must display a cookie consent banner that includes: cookie notice, opt out link, link privacy policy, manage preferences button. The banner must be shown to inform users about cookie usage and provide opt-out options.
FADP follows an opt-out consent model. This means websites may place certain cookies but must provide clear and easy ways for users to opt out of non-essential tracking.
Under FADP, cookie consent is valid for 12 months. After this period, websites must request consent again from users.
Special protections for minors; consent mechanisms for under 16.
FADP requires maintaining consent records that include: timestamp iso, user choices by purpose, policy version, legitimate interest assessment. Records must be retained for at least 18 months.
Found an issue or have feedback on this page?
Explore Other Jurisdictions
View All
EU (GDPR + ePrivacy Directive Art. 5(3))
EU/EEA
ePrivacy governs cookies; GDPR governs personal data.
UK (UK GDPR + PECR)
United Kingdom
PECR governs cookies; UK GDPR governs personal data.
Netherlands (Telecommunicatiewet + GDPR)
Netherlands
The Dutch Telecommunications Act (Telecommunicatiewet) Art. 11.7a implements the EU ePrivacy Directive. Consent required before placing non-essential cookies. GDPR applies in parallel for personal data processing. Enforced by Autoriteit Persoonsgegevens (Dutch DPA) and ACM.