Skip to Content Skip to Navigation

What is a tracking pixel and why are they are privacy concern?

Browser window illustration showing a tiny pixel in the corner of the screen and a magnifying glass

A tracking pixel is a piece of code that sits within a 1×1 pixel image, which is embedded in the HTML code of a website or email.

Types of tracking pixels that are commonly used by marketers include the Google Analytics and Facebook pixels.

Here’s how they work: once users visit a website or open an email, the pixel is automatically downloaded which sends an image request to the server on which the website or email is hosted.

This request is what lets the website owner or email sender know that you’ve visited a page or opened an email, enabling them to track your online activity.

Other types of information that pixels can collect about users can include how long they’ve spent on a page; the type of device they used to open their email; whether they clicked on any links or filled out any forms on a landing page; and the amount of times an email was opened.

While it sounds similar to how browser cookies work, the difference is that pixels can track users across multiple sites.

For example, if you’re running a Facebook retargeting campaign and install the Facebook pixel on your landing page, you can make ads for your product or service that “follow” users around the web to entice them back to their shopping cart.

Is pixel tracking legal?

Privacy laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) require businesses to disclose whether they collect any personally-identifiable information about users.

Given that tracking pixels collect information such as a person’s IP address, which could be combined with other data to identify an individual, businesses who use tracking pixels may need to comply with these laws.

A key reason why privacy advocates are concerned about the usage of tracking pixels is because they aren’t visible on a web page or in the email body – which likely means that most users aren’t even aware that they are being tracked and therefore cannot consent nor opt-out of tracking.

To comply with the laws, businesses should disclose the use of tracking pixels in their privacy policy; explain what types of data is being collected, how it’s being used and why; whether this information is being shared with any third parties (e.g. Google or Facebook); and how users can opt-out.

Facebook has also encouraged advertisers to update their pixel code to comply with the CCPA, which will allow them to limit the use of data from people based in California and meet their CCPA obligations.

While tracking pixels may seem harmless on the surface, today’s consumers are increasingly privacy-conscious and expect more transparency from the businesses they interact with online; keeping pace with the latest privacy laws is key to maintaining a trusted brand.

Generate a GDPR privacy policy with GetTerms.io

Create a custom GDPR-privacy policy for your business with GetTerms.io.

Generate Your Privacy Policy Now

Back to Blog Posts