Email vs. Web Pixels and the privacy implications marketers need to know

A critical part of a marketer’s job – and the primary way to justify marketing spend and campaigns – is to track. Marketers want to track how many users visit which web pages, and from which web pages they come. They want to know which email campaigns resonate with users by tracking which and how many users open those emails, and for those who do, which users buy. Marketers also want to track web visitors across sites so that they can make effective use of retargeting spend. In this way, marketers can be efficient with their budget and adjust tactics according to results. The two most common ways to conduct these tracking activities are through cookies and pixels.

Cookies, pixels, and privacy concerns

Cookies are small pieces of data, usually including a unique identification number, that a web browser stores once the user visits the website in question. Persistent cookies, cookies that remain on a user’s browser even after the web session ends, allow websites to create a profile of the web visitor and track activity across sessions and websites. Pixels, on the other hand, are tiny, transparent (invisible) graphics embedded into a web page or email. Tracking pixels can send information back to the company in question about whether the individual has opened an email or made an online purchase, online behavior, and other marketing data. Pixels can also follow users across devices, whereas cookies cannot.

Privacy concerns apply to both cookies and pixels. However, pixel privacy concerns are creating more privacy buzz and recent headlines. For example, a 2023 Data Security Incident Report disclosed more than 50 class action lawsuits in the healthcare industry that alleged unauthorized disclosure of patient information, including health information, through online tracker technologies.

That said, email tracking pixels specifically worry Legal and Privacy teams, and for good reasons: a lack of transparency and consent. Websites post clear notices about cookies and other online trackers like pixels, and their uses, and as a result most web visitors understand at least the basics of online trackers. Additionally, browsers typically have a “privacy” section that allows users to clear cookies and opt out of some online trackers, including pixels and cookies, altogether. Websites also commonly post cookie consent experiences through which users can opt in or out of some types of cookies and other tracking technologies, including pixels. This means that online pixels, like cookies, have a reasonable amount of transparency and user control.

On the other hand, it is not common to see just-in-time notices about email pixels. Even website privacy notices often do not address email tracking, but even if they do, it is unreasonable for an email recipient to review the privacy notices of all companies from which they receive an email. As a result, most consumers using email do not understand that email pixel tracking is happening at all.

Consumers also cannot easily disable email pixels like they can website trackers. To prevent email pixels from working, an email user would need to either set their email provider settings such that external images are blocked altogether, or they must turn off HTML emails and only accept emails as plain text. Some email providers have this functionality available, but not only do users have to understand enough about email pixels to take advantage of these features; they must then live with emails that contain none of the visual design they use and enjoy.

Tracking pixels, including and more problematically email tracking pixels, are also the focus of class action lawsuits alleging violation of wiretapping laws. For example, in the United States (U.S.), some plaintiff attorneys have alleged that companies using Facebook or TikTok pixels violate one or more State wiretapping laws. Though some argue this is a misuse of an outdated set of laws that never contemplated the online world, and though not all suits are successful, the trend still represents a risk of unnecessary legal costs and litigation distraction. Similarly, email tracking pixels have garnered plaintiff attorney attention, as in the case that H&M faced in the U.S..

This means that marketing teams will want to partner with Legal and Privacy teams to help ensure that they implement email and web tracking pixels in a compliance, risk-addressing manner. Here are a few things to keep in mind:

• Transparency – regularly review the web and email tracking pixels the companies uses and compare those with any disclosures in relevant privacy notices, including the just-in-time notices related to consents for receiving emails and cookie consent banner language.
• Consent – since most cookie consent experiences also allow users to express at least an opt out request for tracking pixels, and sometimes require opt in, so web pixel consent may not require additional effort if a cookie consent mechanism is in place. However, to be fully compliant, an organization should provide email recipients with a link to opt out of email pixels (like the common unsubscribe link). Keep in mind that some jurisdictions may require an opt-in rather than opt-out model for email pixel tracking.
• Minimal Collection – marketing teams will want to regularly review the data collected through both web and email tracking pixels and consider whether they absolutely require all the data they collect (and eliminate any unneeded data fields). The company will want to avoid excessive tracking that might trigger consumer privacy concerns or regulator notice. Especially pay attention to and avoid any inclusion of specially regulated information, such as financial or healthcare information.
• Accurate Bucketing – websites and marketing practices change, and as they do any consent mechanism will have to adjust to new pixels or pixel uses. The marketing team is in the best position of identifying new or changing pixels a working with Legal and/or Privacy teams to accurately bucket those pixels so that the consent mechanism can work appropriately.

Summary

In summary, web and email pixels both have their uses, and a savvy marketing department can deploy both in a compliant, trustworthy manner. However, even privacy experts can misunderstand email pixels, their uses, and the privacy risk implications. A responsible marketing organization has an opportunity – and a responsibility – to collaborate with other groups to ensure that both web and email tracking pixels meet with customer and regulator expectations while meeting company goals.