No To Spy Pixels
Many of the emails we receive from organisations contain tiny images that relay information back to the sender. These are called tracking or spy pixels.
The emails we receive can often tell the sender:
If we’ve read an email
How many times we opened it
Where we were when we read it
Which links we clicked
How many times we clicked them
What device we used to read
In many cases, if we unsubscribe from a mailing list and revisit an email, that data will continue to be collected. After all, unsubscribing doesn’t delete the spy pixel or the unique URLs that identify links you click.
This tracking isn’t limited to emails from commercial senders, some personal email providers embed these spy pixels, too.
Recipients aren’t informed about this tracking or given the option to opt-out. A lot of email software gives users the chance to block these pixels, but blocking trackers isn’t the same as opting-out.
Are they allowed?
The use of tracking pixels is widespread, but that doesn’t justify their use. Many people are completely unaware that this tracking goes on at all.
Organisations are allowed to use tracking pixels if users know about them and are given options. From the ICO:
PECR does not prohibit using cookies and similar technologies. However, PECR does require you to tell people about them and give them the choice as to whether or not this information is stored on their devices in this way.
What can we do?
In this Telegraph article, the ICO recommends:
If anyone is concerned about how their data is being handled, they should contact the organisations first. If not satisfied, they can make a complaint to the ICO.
So, let’s do it.
You’ll need to make a complaint to the company using spy pixels.
If you use HEY, it’s easy to identify the company as they highlight spy pixels in the interface. If you don’t, there are tools to help:
MailTrackerBlocker for the default macOS mail app blocks and labels trackers.
Simplify highlights (and blocks) trackers for Gmail users.
Browser extensions like Ugly Email for Gmail (available on Chrome and Firefox) will identify blockers.
As ever, read reviews and check privacy policies...
Many email apps let you block remote images. This doesn’t necessarily mean that email contains a tracking pixel, but there’s a good chance it might: ask the sender if you’re unsure.
Here’s a complaint template you can tweak:
The emails I receive from you contain tracking pixels. These track when I open emails, where I am when I open them and the device on which they were opened.
Under data protection laws, I should have explicitly opted-in to these tracking pixels, but I have not been given that option.
For more information, please see this information from the ICO:
Please stop tracking the emails you send to me.
In the event the organisation won’t turn tracking pixels off for you, you can then take it to the ICO. The ICO’s complaint form is straightforward but requires copies of the correspondence.
The form is available here:
Spread the word: share on social media and tell your friends, especially if they’re unlikely to know about these.
Consider adding a note to your personal email and/or mailing lists:
This email doesn’t track you.
The more awareness that can be raised about spy pixel, the more likely it is there will be a positive result.
This is true even if you don’t live in the UK: signal boosting has a network effect and sharing the site spreads awareness of spy pixels.
In real-life, tell family members about spy pixels and what they can do to block them or raise a complaint.
A note on compliance and companies
Ultimately, the goal is for organisations to take user’s privacy more seriously. That might happen through seeing that users care about this enough to complain or by action from the regulator.
This stuff is quite technically complex and switching/turning off tracking will depend on the underlying services and context. For instance, mailing list providers don’t always allow users to turn off tracking and transactional email tracking might be controlled by a lower-level service.
For those reasons, please consider only submitting complaints to larger companies that have the capacity to deal with this. Many small companies are having a tough time at the moment.
Through increased awareness and the widespread implications of any regulatory action, we can hope that users are given more control over whether they accept these pixels.
‘Spy pixels’ now endemic in marketing emails and can tell firms when and where you opened them
Telegraph, 17th February 2021
‘Spy pixels in emails have become endemic’
BBC, 17th February 2021
Saving People From Themselves
Liam Nugent, 13th July 2020
Marking the end of pixel trackers in Basecamp emails
Signal V. Noise, 28th August, 2019
Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You
Mike Davidson, 8th July 2019
Superhuman, 3rd July 2019
Superhuman is Spying on You
Mike Davidson, 2nd July, 2019