Do I need a cookie banner? The decision tree for your company.

Yes, in the vast majority of cases. As soon as your website uses Google Analytics, Google Fonts, YouTube videos, Google reCAPTCHA or other third-party services, you fall under Level 3 of the FDPIC guidelines. This means: You need a cookie banner with opt-in, script blocking and ideally Google Consent Mode V2. Only if your website exclusively uses technically necessary cookies — which is rare in practice — can you do without a banner.

Fines of up to CHF 5,000 under the Telecommunications Act (Art. 53 FMG) and up to CHF 250,000 under the Data Protection Act (Art. 60 + 63 DSG) may apply. In the EU, penalties are even higher: up to EUR 20 million or 4% of annual global turnover (GDPR). Additionally, the FDPIC announced an enforcement campaign in October 2025. Besides fines, without Google Consent Mode V2 you also lose valuable analytics and advertising data.

No. The FDPIC makes clear that simply continuing to browse or a single "OK" button does not constitute valid consent. A legally compliant banner requires equal buttons for accepting and declining, granular settings per cookie category and the ability to withdraw consent at any time.

Opt-in means: Tracking cookies are only set AFTER the visitor has actively consented. Opt-out means: Cookies are set, and the visitor can object afterwards. In Switzerland, opt-out is sufficient only for cookies without high risk (Level 2). In the EU, opt-in is mandatory for all non-necessary cookies.

Yes, if you offer goods or services to persons in the EU or monitor their behavior (e.g. through Google Analytics). Indicators: prices in euros, delivery to the EU, .de/.at domains, or content in languages primarily addressing EU countries.

Google Consent Mode V2 is an interface between your cookie banner and Google services (Analytics, Ads, Tag Manager). It tells Google whether the visitor has consented. Without GCM V2, Google cannot correctly process your tracking data — you lose conversion data, remarketing lists and the basis for campaign optimization.

Yes, when loaded from Google servers. The visitor's IP address is transmitted to Google in the USA. The Munich Regional Court classified Google Fonts without consent as a GDPR violation in 2022. Alternatively, Google Fonts can be hosted locally on your own server — then the consent requirement does not apply.

Aiara offers the complete solution (cookie banner + privacy policy + imprint + Google Consent Mode V2 + cookie scanner) from CHF 120 per year per domain (Basic) or CHF 240 per year (Pro). Comparable solutions cost between CHF 0 (limited) and CHF 60+ per month. The effort for manual implementation by an agency is typically CHF 1,500–3,000.

Whenever something changes: new services on the website, new cookies, legislative changes, changes with third-party providers. Aiara automatically updates the privacy policy when the cookie scanner finds new cookies and regenerates texts when relevant legal changes occur.

Dark patterns are manipulative design patterns that pressure visitors into consenting — e.g. a large green "Accept" button next to a tiny gray "Decline" link. The FDPIC and European data protection authorities explicitly prohibit dark patterns. Both options must be designed equally.

Yes. Both the FADP and GDPR require transparency. You must list all cookies used with name, provider, purpose, legal basis, retention period and category. Aiara generates this cookie table automatically from scanner results.

The Swiss FADP is generally more liberal than the GDPR when it comes to cookies. In Switzerland, opt-out may suffice in certain cases (Level 2), while the GDPR requires opt-in for all non-necessary cookies. However, anyone using Google Analytics or other third-party trackers also needs opt-in in Switzerland. The practical difference is therefore small for most websites.