Pixels vs. Cookies: Key differences to understand

Many discussions about online behavior tracking and targeted digital advertising refer only to internet cookies, their behavior, and how privacy principles like transparency and consent apply. However, using the word “cookies” as a catch-all term when discussing online tracking may cause an organization to miss important nuances critical to online privacy compliance.

Diligent organizations with an appreciation for the fact that the technologies behind its digital assets and tracking practices can have a significant impact on the “how” of compliance will want to distinguish between the two main technical components that make online tracking activities possible – tracking pixels and cookies.

What are cookies and pixels?

Internet cookies and tracking pixels are two technical solutions to online tracking. Companies use both in similar, if not identical, ways.

However, online cookies and tracking pixels also have some key differences, and those differences can impact how (or whether) a company complies with privacy best practices, laws, and customer expectations.

It may be useful to outline what exactly tracking pixels and online cookies are, how companies use these two technologies, and how they differ from one another in ways important to privacy compliance.

Understanding internet cookies

Let’s start with the technology that most privacy and marketing professionals know best – cookies.

Internet cookies are simply small text files that websites place through browsers on a user’s device. Persistent cookies are the type of cookies advertisers and other companies use most to track users. They “live” on a user’s computer’s hard drive, within the browser’s user data or profile folder.

Different browsers store internet cookies slightly differently, and the operating system of the computer in question can also impact exactly where saved cookies exist.

Regardless of the storage location, persistent cookies typically have a lifespan. This can range from a brief period (seconds) to months or even years. After the lifespan expires, the cookie is deleted.

The website that sets the cookie determines the lifespan of that cookie, though browsers can and do establish maximum cookie lifespan limits. For example, Google Chrome allows a maximum lifespan of four hundred days.

When a user visits a website, that website may cause a variety of cookies to set on that user’s device. Cookies can store personal information, such as an individual’s name and contact information. More common, however, is for cookies to assign a user an identification number and then collect information about that user’s behavior both within that website as well as across the internet, using the cookie ID to link the otherwise anonymous web visitor to whatever behaviors company wants to track.

In this way, cookies can track pages an individual visits, what links they click, what searches they perform, what preferences the user has, and many, many other facts.

Cookies also help companies save shopping carts for web visitors across browser sessions, store logon credentials, and remember things like language preferences.

What are tracking pixels?

Tracking pixels, on the other hand, are exceedingly small (invisible) images embedded into a web page or email.

When a user visits a web page or opens an email with an embedded pixel, the pixel loads and sends information to back to the pixel’s home server – typically information about the user’s location, operating system, IP address, and potentially some limited behavioral information.

Like cookies, tracking pixels can gather and share information back to the originating company, like whether and how long a user visited a web page or whether the targeted individual opened an email. Companies use pixels for delivering targeted ads, measuring marketing campaign and website effectiveness, and for other purposes related to website/email analytics, targeted marketing, and experience management.

Pixels, unlike cookies, can also track users across devices. This means that organizations can use pixels to follow users as they use computers, smartphones, tablets, and other devices.

Privacy considerations between cookies and pixels

There are several significant differences between internet cookies and tracking pixels that can impact privacy compliance, especially related to transparency and consent. Following is a brief description of questions that diligent (and tech savvy) compliance, privacy, and marketing professionals should ask to help ensure that the technological nuances do not get in the way of sound privacy decisions.

Transparency: Are you disclosing enough?

Though most modern privacy notices discuss cookies and how the organization uses them on its public websites, the more hidden nature of “invisible” pixels leads many organizations to unintentionally omit pixel-related disclosures. Moreover, since organizations can – and often do – embed tracking pixels into marketing emails to track open rates, even organizations that disclose the use of pixel tracking on websites may forget to provide transparency about pixel-driven email tracking.

Questions:

• Do we use pixels for tracking on our public websites?
• If yes, do our notices disclose those technologies and uses?
• Do we embed pixels in marketing or other types of emails? Apps? Other channels?
• If yes, do our notices disclose this information?

Control and consent: Are users really in charge?

Common browsers have either deprecated third-party cookies altogether, or offer users control over whether and which cookies the browser sets. This means that users can clear, or delete, cookies through browser controls. Browsers typically even provide a universal privacy setting like Global Privacy Control (GPC) through which a user can set cookie preferences once, and the browser communicates those preferences to all websites as the user dictates.

Due to jurisdictional requirements, many companies provide a cookie consent banner to web visitors through which they can accept or reject cookies.

On the other hand, companies do not always include pixels in the same consent/control mechanisms – either because the cookie consent vendor does not accommodate pixels, or because the implementation team did not consider and categorize pixels when setting up the consent experience.

Though many consent providers and browsers do include pixels in their controls, their inclusion may not be automatic or as visible.

Questions:

• If we use pixels for tracking purposes, do all our consent mechanisms (like cookie consent banners) allow users to opt-in/opt-out from pixels as well as from cookies?
• Have we identified and categorized tracking pixels appropriately so that consent mechanisms can function as designed?
• Do we embed pixels in marketing or other emails?
• If yes, do we need explicit or implicit consent for this, and do we provide mechanisms through which users can express this consent?

Final thoughts: Asking the right questions

In summary, though companies use internet cookies and tracking pixels for many of the same purposes, the operational differences between the two technologies can prevent even well-intentioned organizations from applying transparency and consent/user control in the way they want and need. However, asking a few pointed questions to the right teams can help identify any gaps in compliance.