Home Resources The Privacy Series: Pixels perpetuating privacy concerns The Privacy Series: Pixels perpetuating privacy concerns To help marketers prepare for the impact that the privacy reforms will have on the industry and our practices, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. Pixels perpetuating privacy concerns The latest digital marketing mechanism to come under fire since cookie deprecation has stopped making headlines is the pixel. Also well known as a tracking pixel, to date these have been a powerful tool in the digital marketer’s playbook. Their ability to track user behaviour, optimise campaigns and increase ROI is the type of daily activity marketers have become accustomed too. However, growing privacy concerns and the linkages tracking pixels have with third-party platforms have led to their recent scrutiny, and rightfully so amidst privacy reform in Australia. In this next edition of the Privacy series, we will unpack what a tracking pixel is, how compliance in pixel deployment is now being aggressively policed, and what implications that has for marketers. What are pixels? As a starting point, a pixel can be best understood as being cookie adjacent. Both are digital marketing tools used for website tracking, however they operate in different ways. A pixel is an invisible image that is embedded within a webpage, email or digital advertisement. Whenever these mediums are loaded, the pixel then sends data back to the server that it is connected to. The data that the pixel captures relates to tracking user actions. This includes actions like page views, conversions, button clicks, form submissions, video views, even scroll-depth – just to name a few. Tracking is the primary purpose of a pixel, in comparison to a cookie which is more concerned with storing data on a user’s device. The issue with pixels, as it is with cookies, is that the data captured can include personal information like IP addresses, browsing history, and even form inputs such as name, address, date of birth, email address and phone number, which all raise significant privacy concerns. This is particularly relevant as the server the pixel is connected to and therefore transmits the data to, is a third-party platform. As with all digital marketing tracking tools, organisations are responsible for ensuring that their use of pixels complies with the Privacy Act (1988) and the 13 Australian Privacy Principles (APPs) governing the rights and obligations around the collection, use and disclosure of personal information. Source: https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/tracking-pixels-and-privacy-obligations The Kind enforcer The first tranche of privacy reform granted stronger enforcement powers to the Office of the Australian Information Commissioner (OAIC). In short, the new tiered penalty structure is designed to capture a broader range of contraventions of the Privacy Act. This is a significant shift away from the existing practice of only penalising practices that constitute a ’serious’ or ‘repeated’ interference with the privacy of individuals. That means the OAIC now has the power to issue substantial fines for infringements and administrative breaches, ranging from $66,000 up to $330,000, and Australia's Privacy Commissioner, Carly Kind, aims to take a more enforced approach with aggressive policing. She expects to use infringement notices in a similar way as both the ACMA and the ACCC. Ahead of an enforcement crackdown, this month the OAIC published new advice on pixels and personal information. The guidance states that organisations seeking to deploy third-party tracking pixels on their website must ensure these are configured and used in a way that is compliant with the Privacy Act. The Privacy Act does not strictly prohibit the use of third-party tracking pixels. However, ensuring they are used in a way that is compliant with the APPs is essential. As part of the crackdown, the OAIC will be paying close attention to ensure businesses utilising pixel tracking are compliant with a handful of particular APPs. The first being APP 3 – collection – whereby data collection must be determined as reasonably necessary, and sensitive information will require explicit consent. The second is APP 6 – use and disclosure – which is concerned that personal information collected via pixels can only be used or disclosed for the original purpose, or a related secondary purpose with consent, or if reasonably expected by the individual. The third is APP 7 – direct marketing – which determines that specific requirements apply to using personal information gathered through tracking pixels for targeted advertising, and that opt-out mechanisms must be provided. And finally, APPs 1 and 5 – transparency – organisations must have clear and up-to-date privacy policies and provide notices informing individuals about the use of tracking pixels and their data. The OAIC Determination in a recent leading homeware supplies retailer matter suggests that the Privacy Commissioner takes a very robust view of APP 1. Businesses lacking any of these provisions will be in breach of the Act and at risk of penalties for non-compliance. The OAIC strongly encourages organisations to err on the side of caution and comply with the Privacy Act when using tracking pixels. The impact for marketers As pixels have been used to date to by marketers for purposes such as remarketing, audience targeting, campaign optimisation, conversion tracking and ROI, what are the implications of the OAIC’s crackdown on their use? To put it simply, marketers will need to ensure stringent compliance if they continue to deploy tracking pixels, or risk being issued an eye-watering fine for a breach. To avoid a breach and in pursuit of best practice, marketers should complete rigorous due diligence and thoroughly assess the functionality and privacy risks of third-party tracking pixels before deployment. This includes reviewing the provider terms and conditions and ensuring ongoing compliance with regular reviews, moving away from a "set and forget" approach. As part of the due diligence process, marketers should seek data minimisation strategies. Firstly, take the opportunity to shed any unnecessary data you have stored, then configure pixels to collect and share the minimum amount of data necessary. One way of doing this is to consider limiting pixel deployment to specific webpages. Additionally, as sensitive information requires express consent, avoid collecting it through pixels with appropriate configuration. Otherwise, be sure you have auditable record of where express consent to do so was obtained. This leads to the importance of transparency and control. Businesses must provide clear and accessible information about the use of tracking pixels, the types of data collected, and the purposes for which it is used. They must also grant the customer/user greater control and offer simple opt-out mechanisms for direct marketing. Of course, if you are integrating privacy considerations from the outset and potentially conducting Privacy Impact Assessments (PIAs) to identify and mitigate potential harms in a privacy by design approach, you’ll put yourself in the best position possible to avoid any unintended breaches. At the very least, businesses should absolutely take this as fair warning to continue preparing for the full privacy reform. This is not the time to take your foot off the gas and become complacent. If breaches are occurring under the existing Privacy Act, then the amended bill in its entirety will most certainly result in non-compliance unless you get your house in order. FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy. Filter Resources Filter Courses Capability Capability Campaign Integration Compliance Customer Experience Marketing Technology Insights Learnings Brand Development Content Format Content Format Information sheet Member-only Press-release Article Blog Case Study Data Event Infographic Media Coverage Research Tool-kit Video Webinar Whitepaper Topics Topics CMO Spotlight Global Forum Global Forum 2023 Resource Compliance Resources CEO Blog Compliance Regulatory Content Copywriting Creative Data Data-driven Marketing Digital Campaigns Leadership Social Media Thought Leadership Blog FROM THE CEO 27th Mar 2023 6 min Marketers, speaking up is important in privacy debates Speak now, or forever hold your peace… That’s not exactly true, but there is a deadline to respond to the Privacy Act Review Report. ADMA has been hearing from the data-driven marketing and advertising industry and there seems to be a general consensus on what we should be concerned about. Article 27th Mar 2023 5 mins 3 things you need to know about the Spam Act Nobody likes receiving pointless marketing emails, especially if they haven’t asked for them. Spam legislation exists to set out responsibilities for organisations who send commercial emails. Article 16th Mar 2023 3 mins ADMA encourages industry discussion & input in response to Privacy Act Review Report The Association for Data-driven Marketing and Advertising (ADMA) is calling on the industry to have its say to help shape the Government’s Review of the Privacy Act. Blog FROM THE CEO 23rd Feb 2023 6 min Andrea Martens: Is this D-Day for data-driven marketers? Is this D-Day for data-driven marketers? The release of the Privacy Act Review Report is a massive moment for us all, both as marketers and as consumers. It’s the first glimpse into what the future of data and privacy in Australia may well look like. And broadly speaking, there’s a lot to be positive about. Article 23rd Feb 2023 15 mins Privacy Act Review Report proves Australia is paving its own way Can’t get your head around the recently-released Privacy Act Review Report and its sweeping raft of changes? Sarla Fernando, ADMA’s Head of Regulatory and Advocacy starts to break down what marketers need to know. Article 23rd Feb 2023 10 mins The evolution of the meta-verse A reason for the recent investment in the Metaverse by Nike, Gucci, BMW, Vans, Stella Artois and Wendy’s is the fear they will join the list of past companies slow to adopt disruptive technologies. Load More
Blog FROM THE CEO 27th Mar 2023 6 min Marketers, speaking up is important in privacy debates Speak now, or forever hold your peace… That’s not exactly true, but there is a deadline to respond to the Privacy Act Review Report. ADMA has been hearing from the data-driven marketing and advertising industry and there seems to be a general consensus on what we should be concerned about.
Article 27th Mar 2023 5 mins 3 things you need to know about the Spam Act Nobody likes receiving pointless marketing emails, especially if they haven’t asked for them. Spam legislation exists to set out responsibilities for organisations who send commercial emails.
Article 16th Mar 2023 3 mins ADMA encourages industry discussion & input in response to Privacy Act Review Report The Association for Data-driven Marketing and Advertising (ADMA) is calling on the industry to have its say to help shape the Government’s Review of the Privacy Act.
Blog FROM THE CEO 23rd Feb 2023 6 min Andrea Martens: Is this D-Day for data-driven marketers? Is this D-Day for data-driven marketers? The release of the Privacy Act Review Report is a massive moment for us all, both as marketers and as consumers. It’s the first glimpse into what the future of data and privacy in Australia may well look like. And broadly speaking, there’s a lot to be positive about.
Article 23rd Feb 2023 15 mins Privacy Act Review Report proves Australia is paving its own way Can’t get your head around the recently-released Privacy Act Review Report and its sweeping raft of changes? Sarla Fernando, ADMA’s Head of Regulatory and Advocacy starts to break down what marketers need to know.
Article 23rd Feb 2023 10 mins The evolution of the meta-verse A reason for the recent investment in the Metaverse by Nike, Gucci, BMW, Vans, Stella Artois and Wendy’s is the fear they will join the list of past companies slow to adopt disruptive technologies.