As global data privacy laws evolve, Switzerland has stepped forward with its updated regulation: the revised Swiss Federal Act on Data Protection (revDSG), which took effect on 1 September 2023. Though often overshadowed by the EU’s GDPR, revDSG is a major player in the global compliance landscape—especially for businesses handling Swiss user data.
Whether you’re a European company already managing GDPR compliance or a global brand with a presence in Switzerland, you must now treat Switzerland with the same care and technical implementation as you would the EU regarding cookie banners and consent management.
To understand more about Cookie Banner Management, you can read a more detailed article:
It’s important to note that Switzerland is not part of the EU or EEA, and GDPR does not automatically apply to Swiss residents (UK Government Source). However, Switzerland has its own equally stringent privacy law—revDSG—which now mirrors many GDPR standards. This makes it essential for businesses to explicitly include Swiss users in their privacy compliance efforts, primarily when relying on tools like cookie banners or CMPs.
Understanding the New Swiss Data Protection Act (revDSG)
The new Swiss law brings Switzerland’s data protection framework in line with the EU’s GDPR, preserving its data adequacy status and strengthening protections for Swiss residents. According to Digital Guardian, here are the key elements:
- Applies extraterritorially: Any business processing the data of Swiss residents, regardless of where it’s based, must comply.
- Informed, explicit consent: Cookie banners must obtain active opt-in consent. Implied or passive consent is no longer sufficient.
- Transparency and disclosure: Privacy policies must clearly state what data is collected, how it’s processed, where it’s stored, and if it’s transferred internationally.
- Data Protection Impact Assessments may be required for high-risk data processing activities.
- More substantial individual rights for Swiss users, including accessing, correcting, and deleting their data.
revDSG vs GDPR: Similar but Not Identical
While revDSG closely mirrors GDPR, there are a few differences worth noting:
| Requirement | GDPR | revDSG |
| Extraterritorial scope | Yes | Yes |
| Data subject rights | Broad | Broad, slightly narrower |
| Mandatory DPO | Often required | It is not compulsory but is recommended |
| DPIA for high-risk processing | Required | Required |
| Consent for cookies | Explicit opt-in | Explicit opt-in |
The main takeaway: if you’re already GDPR-compliant, you’re 80–90% of the way there—but ignoring the specific inclusion of Swiss users in your consent strategy could still put you at risk.
What This Means for Cookie Banners and CMP Compliance
Suppose your business uses cookies for tracking, advertising, or analytics, and you receive user visits in Switzerland. In that case, your cookie banner setup must now explicitly include Switzerland as a GDPR-equivalent zone.
Geo-Targeting Requirements
Most modern Consent Management Platforms (CMPs) allow businesses to target cookie consent experiences based on geography. Many are configured to apply GDPR logic only to the EEA and UK, often excluding Switzerland – This is a critical oversight
You should:
- Update your CMP geo-targeting to include Switzerland alongside EEA and the UK.
- Ensure your cookie banner for Swiss users offers explicit opt-in, not pre-checked or passive consent.
- Apply granular consent categories (e.g., Essential, Performance, Marketing).
- Log consent for Swiss users in your compliance records, just as you would for EU users.
Google CMP and Swiss Compliance
Suppose you’re running Google Ads or using Google Analytics. In that case, you must also ensure your CMP tool integrates with Google’s Consent Mode API, which now expects valid consent signals for users in GDPR-compliant territories—including Switzerland.
Without proper consent integration:
- Google Ads won’t deliver personalized ads to Swiss users.
- Your ad performance and targeting efficiency may suffer.
- You risk falling out of compliance with both Google’s policies and revDSG.
Best Practices for CMP Configuration
- Enable geo-targeted consent for Switzerland (not just EEA/UK).
- Use a CMP that is Google CMP-approved, such as CookeYes
- o Swiss user rights and data processing disclosures.
- Monitor CMP logs to track and audit Swiss user consent separately if needed.
Marketing Tools That Must Consider Privacy Compliance
| Tool Category | Examples | Why Compliance Matters |
| CRM Platforms | HubSpot, Salesforce, Zoho CRM | Store personal data, must allow access/deletion, log consent |
| Email Marketing | Mailchimp, Klaviyo, ActiveCampaign | Requires opt-in, unsubscribe, and consent tracking |
| Advertising Platforms | Google Ads, Meta Ads, LinkedIn Ads | Use tracking, need consent syncing, impact ad personalization |
| Analytics & Tracking Tools | Google Analytics, Hotjar, Matomo | Collect behavioural data, must load post-consent, offer anonymization |
| A/B Testing Tools | Optimizely, VWO, Convert.com | Require cookies, need conditional loading post-consent |
| Data Enrichment Tools | Clearbit, Apollo.io, Leadfeeder | Identify users from IP/data, must ensure transparency and opt-out options |
| Chat & Live Chat Tools | Intercom, Drift, Tawk.to | Collect personal info, need consent before storing messages or details |
| CDPs & Data Hubs | Segment, Tealium, Adobe Experience | Centralize user data, require granular consent and data portability |
| Affiliate Marketing Tools | Impact.com, PartnerStack | Use cookies for tracking, need regionally appropriate disclosures |
| Forms & Surveys | Typeform, Jotform, Google Forms | Collect data directly, must show lawful purpose and consent opt-ins |
| Cookie Banners & CMPs | CookieYes, OneTrust, Cookiebot | Must be geo-targeted, support granular consent, and integrate with ad platforms |
| Messaging Tools (SMS & WhatsApp) | Twilio, WhatsApp Business, SlickText | Collect personal data, must include clear opt-in, allow easy unsubscribe, and respect consent logs |
Cookie Banner
The leading Google-certified cookie consent solution for WordPress and Shopify. Ensuring GDPR, POPI and CCPA compliance with IAB support and Google Consent Mode v2.
Learn more about Cookie Banner compliance
Final Thoughts: Treat Switzerland Like a GDPR Region
Switzerland may not be part of the EU, but when it comes to privacy compliance, it should now be treated as a first-tier jurisdiction, just like any EEA country or the UK.
Businesses that neglect to apply GDPR-level cookie compliance in Switzerland risk legal consequences under revDSG and loss of advertising effectiveness, mainly when working with Google or Meta platforms.
Action steps for compliance:
- Audit your current cookie banner and CMP setup.
- Include Switzerland in your GDPR-targeted consent experiences.
- Align your privacy policies with revDSG requirements.
- Ensure your CMP integrates with Google CMP for full coverage.
By proactively treating Swiss users with the exact compliance care as their European counterparts, you’ll stay ahead of regulations, maintain advertising performance, and build trust with a privacy-conscious audience.
