Use tracking pixels? You could be breaching privacy laws
New rules around the use of tracking pixels put the onus firmly on businesses to ensure they are compliant. Could this spell disaster for the pair of shoes that’s been following you around the internet? Richard Taylor, managing director of Digital Balance, explains.
Tracking pixels, those tiny, invisible images embedded in websites and emails, have become a ubiquitous tool for businesses to gather data about user behaviour.
Your business is probably using them right now as it keeps tabs on where your customers are and chasing them with products they briefly glanced at on your website. But the question is, are you using them legally?
Recent guidance from the Office of the Australian Information Commissioner (OAIC) has shed light on how Australia’s privacy laws apply to these powerful tools.
If you’re using tracking pixels, the onus is on you to ensure you have a valid legal basis for collecting and using data. And this new guidance from the OAIC calls for transparency about their use.
The most fundamental aspects of the guidance in relation to existing Australian Privacy Principles are entirely absent from what is clearly an automated summary of the hard work the OAIC put into their much needed guidance. It’s concerning that the internet advertising industry is increasingly claiming technical privacy expertise with generated articles like this, without demonstrating real understanding of the legal issues they themselves have perpetuated with these technologies. It’s reminiscent of an antivirus business creating the very viruses they then sell solutions for.
It’s not just this article that I see as problematic. Someone in our commercial team sent us another article from the Internet Advertising Bureau Australia’s blog itself last month that was a similar “technical sales pitch under the guise of ‘Privacy Advice'”, clearly generated using ChatGPT without any subject matter expertise.
Even at a technical level above, the conflation of Cookie Management with Consent Management demonstrates the dangers of using ChatGPT without subject matter expertise to validate the output on such a nuanced topic that seems simple at the surface level.
I apologise if I sound frustrated, but privacy isn’t just a new revenue stream – it’s a field where many of us have invested 15+ years developing expertise across all areas before it became fashionable with the internet industry. I’m not saying that LLMs are bad for productivity, and I welcome others learning about privacy. I’m just saying that like a ‘license to operate machinery’, editors need to start demanding to see the ‘subject matter license’ and ‘years of operating experience’ from anyone submitting opinion pieces generated like this using LLMs.
Very few tracking pixels that I have researched actually provide user location data, though I wish they did as it would be a valuable indicator of readership.
For example, if I send an email newsletter and receive 10 opens without this type of information, I cannot determine whether one person opened it 10 times or whether someone received it and forwarded it to 9 other people.
Let me share a real example: I once sent a newsletter containing confidential information. I believe it was forwarded to a competitor, and I only discovered this through analyzing the unusual patterns of opens.
Only with this info can I establish how my newsletters are being distributed and read.