Home Resources The Privacy Series: Pixels perpetuating privacy concerns The Privacy Series: Pixels perpetuating privacy concerns To help marketers prepare for the impact that the privacy reforms will have on the industry and our practices, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. Pixels perpetuating privacy concerns The latest digital marketing mechanism to come under fire since cookie deprecation has stopped making headlines is the pixel. Also well known as a tracking pixel, to date these have been a powerful tool in the digital marketer’s playbook. Their ability to track user behaviour, optimise campaigns and increase ROI is the type of daily activity marketers have become accustomed too. However, growing privacy concerns and the linkages tracking pixels have with third-party platforms have led to their recent scrutiny, and rightfully so amidst privacy reform in Australia. In this next edition of the Privacy series, we will unpack what a tracking pixel is, how compliance in pixel deployment is now being aggressively policed, and what implications that has for marketers. What are pixels? As a starting point, a pixel can be best understood as being cookie adjacent. Both are digital marketing tools used for website tracking, however they operate in different ways. A pixel is an invisible image that is embedded within a webpage, email or digital advertisement. Whenever these mediums are loaded, the pixel then sends data back to the server that it is connected to. The data that the pixel captures relates to tracking user actions. This includes actions like page views, conversions, button clicks, form submissions, video views, even scroll-depth – just to name a few. Tracking is the primary purpose of a pixel, in comparison to a cookie which is more concerned with storing data on a user’s device. The issue with pixels, as it is with cookies, is that the data captured can include personal information like IP addresses, browsing history, and even form inputs such as name, address, date of birth, email address and phone number, which all raise significant privacy concerns. This is particularly relevant as the server the pixel is connected to and therefore transmits the data to, is a third-party platform. As with all digital marketing tracking tools, organisations are responsible for ensuring that their use of pixels complies with the Privacy Act (1988) and the 13 Australian Privacy Principles (APPs) governing the rights and obligations around the collection, use and disclosure of personal information. Source: https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/tracking-pixels-and-privacy-obligations The Kind enforcer The first tranche of privacy reform granted stronger enforcement powers to the Office of the Australian Information Commissioner (OAIC). In short, the new tiered penalty structure is designed to capture a broader range of contraventions of the Privacy Act. This is a significant shift away from the existing practice of only penalising practices that constitute a ’serious’ or ‘repeated’ interference with the privacy of individuals. That means the OAIC now has the power to issue substantial fines for infringements and administrative breaches, ranging from $66,000 up to $330,000, and Australia's Privacy Commissioner, Carly Kind, aims to take a more enforced approach with aggressive policing. She expects to use infringement notices in a similar way as both the ACMA and the ACCC. Ahead of an enforcement crackdown, this month the OAIC published new advice on pixels and personal information. The guidance states that organisations seeking to deploy third-party tracking pixels on their website must ensure these are configured and used in a way that is compliant with the Privacy Act. The Privacy Act does not strictly prohibit the use of third-party tracking pixels. However, ensuring they are used in a way that is compliant with the APPs is essential. As part of the crackdown, the OAIC will be paying close attention to ensure businesses utilising pixel tracking are compliant with a handful of particular APPs. The first being APP 3 – collection – whereby data collection must be determined as reasonably necessary, and sensitive information will require explicit consent. The second is APP 6 – use and disclosure – which is concerned that personal information collected via pixels can only be used or disclosed for the original purpose, or a related secondary purpose with consent, or if reasonably expected by the individual. The third is APP 7 – direct marketing – which determines that specific requirements apply to using personal information gathered through tracking pixels for targeted advertising, and that opt-out mechanisms must be provided. And finally, APPs 1 and 5 – transparency – organisations must have clear and up-to-date privacy policies and provide notices informing individuals about the use of tracking pixels and their data. The OAIC Determination in a recent leading homeware supplies retailer matter suggests that the Privacy Commissioner takes a very robust view of APP 1. Businesses lacking any of these provisions will be in breach of the Act and at risk of penalties for non-compliance. The OAIC strongly encourages organisations to err on the side of caution and comply with the Privacy Act when using tracking pixels. The impact for marketers As pixels have been used to date to by marketers for purposes such as remarketing, audience targeting, campaign optimisation, conversion tracking and ROI, what are the implications of the OAIC’s crackdown on their use? To put it simply, marketers will need to ensure stringent compliance if they continue to deploy tracking pixels, or risk being issued an eye-watering fine for a breach. To avoid a breach and in pursuit of best practice, marketers should complete rigorous due diligence and thoroughly assess the functionality and privacy risks of third-party tracking pixels before deployment. This includes reviewing the provider terms and conditions and ensuring ongoing compliance with regular reviews, moving away from a "set and forget" approach. As part of the due diligence process, marketers should seek data minimisation strategies. Firstly, take the opportunity to shed any unnecessary data you have stored, then configure pixels to collect and share the minimum amount of data necessary. One way of doing this is to consider limiting pixel deployment to specific webpages. Additionally, as sensitive information requires express consent, avoid collecting it through pixels with appropriate configuration. Otherwise, be sure you have auditable record of where express consent to do so was obtained. This leads to the importance of transparency and control. Businesses must provide clear and accessible information about the use of tracking pixels, the types of data collected, and the purposes for which it is used. They must also grant the customer/user greater control and offer simple opt-out mechanisms for direct marketing. Of course, if you are integrating privacy considerations from the outset and potentially conducting Privacy Impact Assessments (PIAs) to identify and mitigate potential harms in a privacy by design approach, you’ll put yourself in the best position possible to avoid any unintended breaches. At the very least, businesses should absolutely take this as fair warning to continue preparing for the full privacy reform. This is not the time to take your foot off the gas and become complacent. If breaches are occurring under the existing Privacy Act, then the amended bill in its entirety will most certainly result in non-compliance unless you get your house in order. FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy. Filter Resources Filter Courses Capability Capability Campaign Integration Compliance Customer Experience Marketing Technology Insights Learnings Brand Development Content Format Content Format Information sheet Member-only Press-release Article Blog Case Study Data Event Infographic Media Coverage Research Tool-kit Video Webinar Whitepaper Topics Topics CMO Spotlight Global Forum Global Forum 2023 Resource Compliance Resources CEO Blog Compliance Regulatory Content Copywriting Creative Data Data-driven Marketing Digital Campaigns Leadership Social Media Thought Leadership Article 10th May 2023 7 mins Top 7 digital skills for marketers in 2023 Digital marketing is increasingly layered in its complexity. As it continues to evolve rapidly, marketers must try to keep up by continually developing their knowledge and capabilities. Article 06th May 2023 8 mins Privacy Act Review Report Submission Summary The recent Privacy Act Review Report was a watershed moment for privacy in Australia and an important inflection point for data-driven marketing. ADMA as the peak body for data-driven marketers was heavily involved in the consultation with the regulatory bodies and provided a lengthy submission. Article 04th May 2023 16 mins Regulatory Update: What marketers need to know 4th April 2023 The Government will appoint a standalone Privacy Commissioner to deal with the growing threats to data security and the increasing volume and complexity of privacy issues. Announced yesterday by Australia’s Attorney General, Mark Dreyfus, the appointment of the standalone Privacy Commissioner role will see the current Australian Information Commissioner, Ms Angeline Falk, retain the Information Commissioner and head of the OAIC role. Article 04th May 2023 14 mins Are these five Martech mistakes holding you back? Martech integration is a growing challenge for organisations – and it’s holding them back from creating the right customer experiences. Here are five common mistakes to avoid to ensure your tech stack works for you. Article 01st May 2023 10 mins What is Customer Experience (CX) and why does it matter? Brands today have a tough gig. Countless external factors are influencing customers, from inflation to climate change. To top it off, customers have never had more choice – all while the cost of switching brands has never been lower. It is important to understand how a customer perceives a brand - so what is customer experience? 18th Apr 2023 Submission in response to the Privacy Act Review Report 2022 | ADMA's response Earlier this year, the Attorney General's Department released its review of the Privacy Act. This review outlined 116 proposals - many of which ADMA supports, there are some that could fundamentally change the data-driven marketing and advertising industry as a whole. ADMA’s submission outlines positions that our members from across the data-driven marketing industry have expressed to us. To read ADMA's submission, click here. Load More
Article 10th May 2023 7 mins Top 7 digital skills for marketers in 2023 Digital marketing is increasingly layered in its complexity. As it continues to evolve rapidly, marketers must try to keep up by continually developing their knowledge and capabilities.
Article 06th May 2023 8 mins Privacy Act Review Report Submission Summary The recent Privacy Act Review Report was a watershed moment for privacy in Australia and an important inflection point for data-driven marketing. ADMA as the peak body for data-driven marketers was heavily involved in the consultation with the regulatory bodies and provided a lengthy submission.
Article 04th May 2023 16 mins Regulatory Update: What marketers need to know 4th April 2023 The Government will appoint a standalone Privacy Commissioner to deal with the growing threats to data security and the increasing volume and complexity of privacy issues. Announced yesterday by Australia’s Attorney General, Mark Dreyfus, the appointment of the standalone Privacy Commissioner role will see the current Australian Information Commissioner, Ms Angeline Falk, retain the Information Commissioner and head of the OAIC role.
Article 04th May 2023 14 mins Are these five Martech mistakes holding you back? Martech integration is a growing challenge for organisations – and it’s holding them back from creating the right customer experiences. Here are five common mistakes to avoid to ensure your tech stack works for you.
Article 01st May 2023 10 mins What is Customer Experience (CX) and why does it matter? Brands today have a tough gig. Countless external factors are influencing customers, from inflation to climate change. To top it off, customers have never had more choice – all while the cost of switching brands has never been lower. It is important to understand how a customer perceives a brand - so what is customer experience?
18th Apr 2023 Submission in response to the Privacy Act Review Report 2022 | ADMA's response Earlier this year, the Attorney General's Department released its review of the Privacy Act. This review outlined 116 proposals - many of which ADMA supports, there are some that could fundamentally change the data-driven marketing and advertising industry as a whole. ADMA’s submission outlines positions that our members from across the data-driven marketing industry have expressed to us. To read ADMA's submission, click here.