The BBC has reported that barely visible ‘spy pixels’ are in widespread use across large brands when sending emails which give companies access to certain data.
The report estimates that as many as two-thirds of emails contain these spy pixels which will allow them to see if, when and how many times you opened that email, what device was used to open the email as well as an approximate location which is gained through your IP address of the device.
It is important to note that whilst the spy pixels can tell brands your approximate location, they cannot pinpoint your exact address as it only makes this approximation through the exchange location of where your internet is supplied from.
Why do brands use spy pixels?
So if spy pixels cannot pinpoint your exact location then what benefit do these brands get from putting a data tracker in their emails? The answer isn’t in fact malicious – it’s financial. The marketing department of these brands can use the data to target the most engaged customers. Knowing the approximate location of their customers is sufficient to produce targeted marketing which can help with their regional campaigns.
The concept is very simple – every email companies send contains a very small image called a pixel which is difficult to view with the naked eye as it may be hidden within the text. Once somebody opens the email they can track the user’s behaviour including which links people click allowing them to see what content is the most successful.
Brands can take this a step further and divide their users into different categories. From the data provided by spy pixels, they can split the users into categories who may be interested in particular products. That way they’re no longer sending generic marketing campaigns but emails that you’re more likely to engage in by clicking on the link and therefore buying their products.
Now go through your emails and have a look at the marketing campaigns that you receive from various brands. Notice how they mostly seem to advertise products that you’d be interested in? That’s no accident.
Brands not seeking permission properly
That all sounds pretty innocuous and harmless so what’s the issue? For one it could be a breach of GDPR regulations. There has already been a previous ruling in the EU courts (which still applies post-Brexit) that consent to receive the spy pixels must be “unambiguous” and “a clear affirmative act”. This normally means selecting a box when accepting marketing communications however this often isn’t the case and that there is usually just a notice referring customers to a privacy notice.
The implication is that internet users are not made fully aware of what they are opting-in to and now some are calling for regulatory action from the Information Commissioner’s Office (ICO).
Pat Walshe from Privacy Matters says that “Solely placing something in a privacy notice is not consent, and it is hardly transparent.” Mr Walshe has even pointed out that the ICO had spy pixels within their email campaigns.
In response, the ICO said that the pixels were only used to track the email openings but in embarrassing backtrack for the regulator they’ve now promised to remove them stating: “We’re working with our provider to remove the pixel functionality and this should be completed soon.”
How can you protect yourself from spy pixels?
The use of spy pixels is incredibly widespread and is described as an ‘industry standard’ but not everybody will be comfortable with their use. So what can be done to limit their use?
One way is to prevent images from auto-loading onto the page. There are guides available to show you how to do this with various email clients but be warned that this method isn’t 100% effective.
You can also install extensions into Chrome or Firefox which identify and block the pixels such as PixelBlock. Again this isn’t going to entirely prevent spy pixels with some websites even detailing how they’ve managed to circumnavigate this.
Other methods include using anonymous surfing in browsers such as Tor or deactivating scripts in the Chrome settings however this could affect the functionality of some websites.
The only real way that this will be stopped is through regulatory action through the ICO which shouldn’t be expected imminently with the method in such wide use.
Do you have a data protection or technology matter that you’d like to discuss with the team? Alston Asquith have offices in London and Hertfordshire and can arrange a call to provide some initial advice.
We pride ourselves on our relationship with our clients as well as the service we provide. View some of our feedback on Trustpilot.
Visit our contact page to find out how we can help.