CookieChimp Logo
Get Started

What Are the FADP Cookie Consent Requirements?

Everything you need to know about FADP cookie consent compliance in 2026. Complete guide covering opt-out requirements, cookie banner elements, consent records, and technical implementation for Switzerland.

Opt-out Translation Required Children's Privacy Rules

Summary

This guide provides comprehensive technical implementation requirements for Switzerland (FADP + TCA). Hybrid model: some cookies allowed under legitimate interest; profiling/marketing require consent. Opt-out always required.

This jurisdiction follows an opt-out consent model, meaning websites can place certain cookies initially but must provide clear mechanisms for users to opt-out of non-essential tracking. Users must be informed about cookies and given easy options to refuse them.

Additional requirements for this jurisdiction include: providing consent banners and privacy information in all required languages, and special protections and consent mechanisms for children's personal data.

Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.

Key Requirements Overview

Consent Model
Opt-out
Consent Lifespan
12 months
Default State
Mixed
Cookie Walls
Discouraged

Technical Requirements

Prior consent for non-essential cookies
Purpose granularity required
Equal prominence for accept/reject buttons
No pre-checked boxes allowed
Dark patterns prohibited
Proof of consent required
Local storage covered by regulation

Implementation Guidance

Sites can rely on overriding private interests for certain cookies (similar to GDPR legitimate interest). Audience measurement for site improvement is exempt. Marketing/profiling cookies require consent. Opt-out must always be available and prominent.

Special Protections

Children's Privacy

Special protections for minors; consent mechanisms for under 16.

Sensitive Data

Explicit consent required for sensitive data processing.

Record Keeping Requirements

Required Consent Record Fields

For each consent action, you must maintain records containing:

  • Timestamp ISO
  • User Choices By Purpose
  • Policy Version
  • Legitimate Interest Assessment
Retention Period: 18 months minimum
Re-consent Trigger: Material Change Or New Purpose

CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management

Frequently Asked Questions About FADP Cookie Consent

Legal Disclaimer: For engineering implementation guidance only. Not legal advice. This guide provides technical implementation guidance only and should not be considered legal advice. Privacy laws are complex and frequently updated. We recommend consulting with qualified legal counsel to ensure full compliance with applicable regulations.

Found an issue or have feedback on this page?

Explore Other Jurisdictions

View All

EU (GDPR + ePrivacy Directive Art. 5(3))

EU/EEA

Opt-in

ePrivacy governs cookies; GDPR governs personal data.

Learn more

UK (UK GDPR + PECR)

United Kingdom

Opt-in

PECR governs cookies; UK GDPR governs personal data.

Learn more

Netherlands (Telecommunicatiewet + GDPR)

Netherlands

Opt-in Cookie Walls Prohibited

The Dutch Telecommunications Act (Telecommunicatiewet) Art. 11.7a implements the EU ePrivacy Directive. Consent required before placing non-essential cookies. GDPR applies in parallel for personal data processing. Enforced by Autoriteit Persoonsgegevens (Dutch DPA) and ACM.

Learn more