A growing number of large brands are now regularly embedding tracking pixels in their emails, in what could be seen as a blatant disregard of privacy rules such as the GDPR.
Brands including British Airways, TalkTalk, Vodafone, Sainsbury's, Tesco, HSBC, Marks & Spencer, Asos, Unilever, and others were highlighted as offenders by premium email service, Hey, which analysed a cache of emails on the request of the BBC.
"On average, every Hey customer receives 24 emails per day that attempt to spy on them," Hey co-founder David Heinemeier Hansson noted, adding that this amounts to "grotesque invasion of privacy.”
- Take a look at these best malware removal software
- We've put together a list of the best endpoint protection software
- Protect your devices with these best antivirus software
Violation is the norm
Hansson added that the top 10% of users receive more than fifty emails with tracking pixels.
"We're processing over one million emails a day and we're just a tiny service compared to the likes of Gmail, but that's north of 600,000 spying attempts blocked every day,” he noted.
Speaking to the BBC, both British Airways and TalkTalk defended using of tracking pixels, saying it was a commonplace marketing tactic to better understand their customers.
In the guise of better customer engagement, the hidden pixels are usually used to track when, and the number of times, an email has been opened, and can even estimate the customers' rough physical location based on their IP address.
GDPR requires organizations to inform recipients of the pixels, and in most cases to obtain consent. However, Pat Walshe from Privacy Matters told the BBC that while the law is clear in terms of what is required of the advertisers, it isn’t backed up enough by regulatory enforcement.
“Just because this practice is widespread doesn't mean it's correct and acceptable,” believes Walshe.
- Shield yourself with these best identity theft protection services