Analytics made for Switzerland
von Katrin Nebermann
What do Swiss website operators need to bear in mind for data protection-compliant web analytics?
Swiss companies usually have to comply with both the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR). Why the GDPR too? In accordance with the so-called marketplace principle (Art. 3 para. 2 lit. a GDPR), the GDPR applies as soon as the offer is directed at persons in the EU or the EEA (even to persons in Liechtenstein). In its Guidelines 3/2018, the European Data Protection Board set out the following criteria, among others:
- Shipment of goods to persons in the EEA (EU, Iceland, Liechtenstein or Norway)
- Display of prices in EURO or acceptance for payment
- Use of top level domains (TLDs) with reference to at least one member state (such as .at, .de or .li)
- tourist offers with an international character or for international customers
This is likely to apply to many Swiss websites. In addition, the Swiss Data Protection Act was adapted to the GDPR in order to be recognized as equivalent.
In contrast to Google Analytics, etracker analytics does not require consent under the Swiss Data Protection Act, even with cookies, as etracker Analytics does not generate any personal profiles by default, according to the Federal Data Protection and Information Commissioner (FDPIC):
“A transparent privacy policy alone is not sufficient if tracking is used to obtain particularly sensitive personal data or personality profiles. In this case, the user must be expressly asked in advance when visiting the website whether they agree to the tracking.”
However, cookie-less tracking with cookie activation after consent is also recommended in Switzerland, as the provisions of the e-Privacy Directive 2002/58/EC of the European Parliament and of the Council (Cookie Directive) usually also apply due to the market location principle.
By and large, the same “rules of the game” apply for Swiss companies as for companies in the EU and therefore also the same recommendation: With data protection-friendly processing in accordance with the legitimate interest and without the use of cookies and the reading of screen properties, web analysis can be used without consent in compliance with the law. This means that data loss and distortion can be avoided in the long term and marketing measures can be reliably data-driven.
Data protection under control: simply block external content