_ Article

Are Apple and the GDPR trying to destroy email marketing?

The email world was in shock when Apple recently announced that it would make it harder to track open rates for emails. What to think?


Are the days of the tracking pixel numbered?

Apple, the self-proclaimed defender of consumer privacy, recently announced the newest incarnation of its operating system. To put it simply, email routing solution providers will effectively be prevented from retrieving any information related to the display of a tracking pixel (or beacon) in emails because of the new features. The router thus receives information that any emails sent to Apple domains have either all been opened or closed (depending on the mechanism put in place). The accuracy of campaign metrics will obviously suffer.

Many marketers have asked us how Apple’s approach will affect them and, more generally, what are the consequences of the tightened requirements (in particular at the European level) in terms of the protection of personal data. 

To shed more light on these issues, I have decided to use a question-and-answer format (I do both) to discuss email tracking and recipients’ behavior.

1. Open rate, an outdated metric?

Apple isn’t the only company to double down on email tracking. Other email services have also decided to stop providing information about open rates by caching tracking pixels. One example that comes to mind is Hey, the email service launched by David Heinemeier Hansson, the famous creator of the Ruby programming language.

Apple represents a 20% share of the email client market (lagging far behind Gmail and Yahoo, for example). The estimate is that 50% of all users will want to opt in and not disclose their email opens. This means that Apple technology will, at most, have an impact on 10% of campaign metrics.

In addition, some studies have shown that data from other email services are also incorrect as they already block some tracking beacons, replacing them with cached images, for purposes of optimization.

More fundamentally, we should ask ourselves whether using open rate as the main metric to measure the success of email campaigns is still relevant. We all know that the display stats for banners and videos in digital advertising are unrealistic at best (Google and Facebook have often been caught red-handed). Likewise we will have to get used to imperfect data for open rates.

We should therefore switch to other methods for evaluating the quality of email campaigns. Click rates are obviously the most relevant indicators in this regard, as they can be used to tell whether the message was opened and read, in addition to being a strong indicator for measuring engagement.

By contrast, tracking open rates is essential for marketing automation solutions that are based on open/not-open rate percentages to trigger the next actions in a scenario. 

Let’s see if there’s a way to solve the difficult issue of open tracking while respecting the current regulations.

2. What does the GDPR say about tracking the opening of emails?

Marketers wouldn’t lose any sleep if it was only Apple and a handful of other email services that were preventing them doing their job.

In fact, it’s fair to say that Apple’s upheaval is the least of their worries. What worries them all the more is the positions of the national data protection authorities which joined forces in the Article 29 Working Party. Its work is currently being continued by the EPDB (European Data Protection Board).

This working group argues that the only way to justify the collection of information about whether recipients open an email is by obtaining the recipient’s unambiguous consent.

I think that they are wrong. 

Everything depends on your intended goal. Open tracking can be used for other purposes that are not related to marketing or profiling. It is a tool to assess whether an email address is a valid address, to improve campaign deliverability and avoid spam trap email addresses. This processing is justified by the sender’s legitimate interest in ensuring that his emails are properly delivered. The post office proceeds in exactly the same way, creating a database of people who live at a given address to avoid having to send a postman to an address that no longer exists to deliver a registered letter.

Moreover, even if the only purpose of email tracking was the follow-up of marketing campaigns, legitimate interest could provide the grounds for this.

As I already pointed out in a previous article, the provisions of the GDPR include the sender’s legitimate interest among the grounds for sending direct marketing communications. This is especially true for B2B communications.

The GDPR does however state that in this case the data subject must have the right to object to the use of his data for marketing purposes (Recital 70 and Article 21). The article specifies that the data subject shall have the right to object “at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is linked to such direct marketing.”

This is just another way of giving the data subject an opt-out. But this is a general opt-out. The GDPR does not mention the possibility of a partial opt-out, at the end of which the data subject might consent to direct marketing, without profiling for example.

Taking this reasoning further, you could say that this Article inextricably links prospecting and profiling (I think the legislator made an error here, because they could have done this differently). So if you admit that you are prospecting on grounds of legitimate interest, you can also “profile” on grounds of legitimate interest, therefore tracking the behavior of data subjects without their explicit consent.

And even if the justification based on legitimate interest was not admitted, you could always still request the data subject’s content in that case.

In that case, it would be sufficient when requesting the opt-in for sending an email to specify the following: “You agree to receive emails from brand X. In doing so, you agree that we process your data and more specifically that we track whether you open these emails to ensure the quality of our communication with you.” Obviously, there is a more subtle way to go about this, but you get the gist.

3. Are pixels just cookies?

Another justification for the ban on email tracking and open rates, again according to the Article 29 Working Party, can be found in the principle which bans websites from storing cookies on computers without the user’s consent.

Because the wording of the ePrivacy Directive is so general, it encompasses all tracking techniques.

Under Article 5.3, “Member States shall ensure that the use of electronic communications network to store information, or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order provide an information society service explicitly requested by the subscriber or user.”

This text requires a bit of explaining to be fully understood.

“The use of electronic communications networks to store information in the terminal equipment” targets cookies which constitute information, and which are placed in a file on the user’s computer, which can then be read again.

Does this apply to the infamous pixel? Not that sure. Sending an email does not imply that you are storing anything in the user’s terminal equipment. Generally, an email is stored on a remote server.

But that is not what is most interesting about this text. The article provides for the obligation to inform the user or subscriber and offer the right to refuse processing of data (which can be easily guaranteed when registering an email address) unless the storage is “for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network”.

It is obvious that a sender must be able to determine whether an email was read to ensure that the email was sent correctly. As such, the unread email can then be resent to the recipient if necessary.

While open rate as a metric aims to facilitate transmission of a message, there is no need to inform the recipient of this, nor offer him the option to refuse this processing. 

As the Directive is open to interpretation, each Member State will obviously propose its own interpretation. And chances are that certain data protection authorities will go for a more rigorous interpretation, which will culminate in a conclusion that is completely the opposite of what I deduced.

The risk therefore exists that our famous pixel will be deemed non-compliant with the ePrivacy Directive.

4. How to mitigate the consequences of the disappearance of the tracking pixel?

You can already prepare yourself for the gradual disappearance of tracking pixels by creating a “repel” segment, for example, that contains all the addresses that are linked to domains that block email tracking or offer poor quality tracking. At the very least, the structurally false data from Apple domains will not pollute your open rate data in that case.

Other possibilities worth considering are making emails more interactive and encouraging users to respond in a way that establishes that they have seen the content of your email.

Finally, as I already indicated above, we already suggest that you already adapt the information in the subscription request for your newsletter.

5. What is Actito’s vision on email tracking?

From the outset, Actito has adopted a “privacy by design” attitude, meaning we only collect and process the data that we consider necessary for the routing of electronic communications and their follow-up. We do not collect data simply for collecting data.

In addition to the bounce rate, email open rate is an important element to determine whether the user effectively received a message.

In particular, it can be used to calculate recipient engagement scores. At the same time, it also allows Actito to determine the order in which emails are sent in order to ensure their delivery in the best conditions.

We therefore believe that open tracking is an essential aspect of email and that the collection of information related to it is justified on grounds of legitimate interest.

However, we have already added mechanisms to limit link tracking, especially in transactional emails. And, in the coming months, we will offer additional possibilities to manage this tracking in a more detailed way, for example by allowing each recipient to request the termination of individual tracking.

Any questions or comments regarding this article or the issue of tracking email campaigns?

About the author


Benoît De Nayer


Benoît is the co-founder and co-CEO of Actito. Since 2000, he has been overseeing the company's product strategy with humor and flair. He started his career as a lawyer and researcher in consumer law at the Université Catholique de Louvain (Belgium). He holds a master's degree in law from UCL and a master's degree in tax law from the Université Libre de Bruxelles. Passionate about the legal world, Benoît knows the GDPR regulation inside and out.

Want to receive our GDPR content directly in your inbox?