Even after excluding spam, two-thirds of emails sent to individual accounts still contain “spy pixels,” according to cybersecurity service providers. At the same Time, many large brands are using emails that contain spy pixels.
What is a spy pixel?
It is an invisible beacon. The pixel that can be tracked is usually a .GIF or .PNG file with a size of 1×1 pixel. This image file can be inserted into the header, footer or body of an email. We cannot see them. A pixel dot is more like a hyperlink to which code can be attached.
This has long been a commonplace subscriber big data tactic.
Several companies involved in mass spying pixel emails point out that they explicitly use similar techniques in their broader privacy policies early on. Meanwhile, users have ticked the box and tapped OK.
Spy pixels can be used to record.
If and when an email is opened?
How many times it was opened?
Which devices are involved?
The approximate physical location of the user as inferred from their Internet Protocol (IP) address.
They can be activated without the recipient having to click on a link or perform any action.
Without special diagnostic software, it is not easy to find out what tracking pixels an email contains.
Some cybersecurity experts question whether companies are as transparent about their use of spy pixels as the law requires.
Brands in UK businesses that are using pixel emails include British Airways, TalkTalk, Vodafone, Tesco, HSBC, Marks & Spencer, Asos and Unilever.
A study by Princeton University shows that the data collected is sometimes associated with a user’s cookie. Companies can associate email addresses with users’ broader browsing habits, even as they move from one device to another.
In the UK and the rest of Europe, the use of spy pixels is governed by the 2003 Privacy and Electronic Communications Regulations (Pecr) and the 2016 General Data Protection Regulation (GDPR).
They require that consumers must be informed in advance of the inclusion of tracking files in emails and that consent must be obtained in most cases.
The Court of Justice of the European Union has previously ruled that such consent must be “explicit” and “unequivocally affirmative” and that “mere ticking of a box in a privacy statement is not a basis for consent.”
Recent Comments