Do Apple and GDPR want the end of email marketing?
Posted: Thu Dec 05, 2024 6:48 am
Apple-Mail-Privacy-Protection-email-marketing
The last days of the tracking pixel?
Apple, the self-proclaimed ultimate defender of consumer privacy, has just announced the next edition of its operating system . To put it simply, in its current incarnation, the system implemented by Apple will no longer allow routing solution providers to retrieve information related to the display of a pixel (also called a beacon) in the email. This means that the router will receive the information that all emails sent to Apple domains have been opened or closed (depending on the mechanism that will be implemented). The accuracy of campaign reports will of course suffer.
Many marketers ask us how Apple's attitude will affect them and, more list of azerbaijan whatsapp phone numbers generally, what the consequences will be of a strengthening of requirements (particularly at European level) in terms of the protection of personal data.
In order to enlighten marketers, I will play the game of questions and answers (I do both) regarding the monitoring of the behavior of email recipients.
1. The opening rate, an outdated indicator?
Apple is not alone in fighting against email opening tracking. Other email readers have decided to stop providing information about openings by caching tracking pixels. This is notably the case of Hey, the email reader launched by the famous David Heinemeier Hansson , creator of the Ruby programming language.
Apple does not represent more than twenty percent of the email reader market (Apple is far behind Gmail and Yahoo for example). It is safe to say that 50% of users will want to remove any possibility of tracking opens. This means that Apple technology will affect, at most, 10% of campaign results.
Furthermore, some studies show that data from other email providers is also wrong, because for optimization reasons they already remove some beacons by replacing them with cached images.
More fundamentally, we can ask ourselves the question of the relevance of the opening rate as the main metric of the success of email campaigns. In the same way as for digital advertising where we know that the display figures for banners and videos are largely fanciful (Google and Facebook have often been caught red-handed), we must get used to imperfect data in terms of opening.
It is therefore necessary to favor other methods of evaluating the quality of email campaigns. In this regard, click data is obviously the most relevant since it not only allows us to determine that the message has been opened and read, but also allows us to truly measure the engagement rate.
On the other hand, opening tracking is essential for marketing automation solutions that rely on opening (or non-opening) information to trigger the following actions in a scenario.
Let us see if we can find, in the regulations applicable to the matter, a solution to the thorny problem of monitoring openings.
2. What does GDPR say about email opening tracking?
If only Apple and a few other email services were stopping them from doing their job, it would hardly disturb the sleep of marketers.
I would dare say that Apple's kicks are the least of their worries. What seems to worry them much more are the positions of the national data protection authorities gathered in the "Article 29" working group, whose work is now continued by the EPDB (European Data Protection Board).
This working group thus argues that the only way to justify the collection of information relating to the opening of an email is the unambiguous consent of the recipient.
I think this interpretation is inaccurate.
It all depends on the intended purpose. Opening tracking can indeed be used for purposes unrelated to marketing or profiling. In particular, it is a means of judging whether an email address is a valid address in order to improve the deliverability of campaigns by avoiding spam traps. This processing is justified by the legitimate interest of the sender in ensuring the proper delivery of their messages. Exactly the same way that the post office creates a file of people living at a given address in order to avoid having to, for example, send a postman to deliver a registered letter to an address that no longer exists.
Furthermore, even if the sole purpose of tracking was to monitor marketing campaigns, legitimate interest could justify it.
As highlighted in a previous article, the very text of the GDPR provides, among the justifications for direct marketing processing, the legitimate interest of the sender. This is particularly true for BtoB communications.
The GDPR, however, provides that in this case, the data subject must be allowed to object to marketing processing (recital 70 and article 21). The text thus specifies that the data subject may object " at any time to the processing of personal data concerning him or her for such prospecting purposes, including profiling to the extent that it is linked to such prospecting ".
This is indeed a form of opt-out. But this opt-out is general. There is no mention of the possibility of a partial opt-out, at the end of which one could accept prospecting, but not profiling, for example.
If we take the reasoning further, we can say that the text inseparably links prospecting and profiling (I think this is an error on the part of the legislator, because it could have been decided otherwise). So if we accept that we can prospect on the basis of legitimate interest, we can also "profile" on the basis of legitimate interest and, therefore, track the user's behavior without explicit consent.
And, even if we were not to admit the justification based on legitimate interest, we could fall back on the consent of the person concerned.
Indeed, it would be enough, when collecting the opt-in to send an email, to specify "You agree to receive emails from brand X. By doing so, you agree that we process your data and in particular that we track the opening of these emails in order to ensure the quality of our communication with you". There is certainly a way to do it more succinctly, but this gives you an idea of how to proceed.
3. Is the pixel a cookie like any other?
Another justification for the ban on tracking the opening of emails would, according to the Article 29 Working Party, be found in the principle ban on placing cookies without the consent of the person concerned.
It is true that, by the generality of its terms, the so-called ePrivacy directive embraces all techniques aimed at tracking users.
However, the text provides, in its Article 5.3: " Member States shall ensure that the use of electronic communications networks for the purpose of storing information or accessing information stored in the terminal equipment of a subscriber or user is permitted only on condition that the subscriber or user is provided, in compliance with Directive 95/46/EC, with clear and complete information, inter alia on the purposes of the processing, and that the subscriber or user has the right to refuse such processing by the data controller. This provision shall not preclude storage or technical access aimed exclusively at carrying out or facilitating the transmission of a communication via an electronic communications network, or strictly necessary for the provision of an information society service expressly requested by the subscriber or user. "
This text requires a little explanation to be well understood.
" The use of electronic means to store information on the terminal " refers to cookies which constitute information and which are actually placed in a file on the user's computer which can then be reread.
Does it apply to the famous pixel? It is less clear. Indeed, sending an email does not involve storing anything in the user's terminal. The email is in fact generally stored on a remote server.
But this is not the most interesting aspect of the text. It provides for the obligation to inform and offers a right to object to the processing of data (which can be easily done at the time of registering an email address) unless the storage is intended " exclusively to carry out or facilitate transmission via a network ".
Now it is clear that to ensure that the email has been delivered, the sender must be able to determine whether it has been read. This allows, if necessary, to resend the unread email to the recipient.
If the purpose of the openness measure is therefore to facilitate the transmission of the message, there is no need to inform the recipient or offer them the possibility of refusing processing.
Since the directive is a text that allows for interpretation, it is certain that each Member State will propose its own. And it is a safe bet that some data protection authorities will adopt a strict reading of the text, leading to a conclusion that is the opposite of mine.
There is therefore a risk that our famous pixel could be attacked for non-compliance with the ePrivacy directive.
4. How to mitigate the consequences of the disappearance of the tracking pixel?
You can already prepare for the gradual disappearance of tracking pixels by creating, for example, a "repellent" segment containing addresses linked to domains that do not allow opening tracking or offer poor quality tracking of them. At least, the structurally false data coming from Apple domains will not pollute your opening data.
Other possibilities include making emails more interactive and prompting users to respond in a way that establishes that they have seen the content of your email.
Finally, as mentioned above, we suggest that you already adapt the information formula linked to the request for registration to your newsletter.
5. What is Actito’s vision on email behavior tracking?
Actito has, since the beginning, adopted an attitude of "privacy by design", that is to say that we only collect and process the data that we consider necessary for the routing of electronic messages and the monitoring of communications. We do not collect data for the simple fact of collecting data.
Besides the bounce, the opening of emails is an important element to determine if a message has been received by the user.
In particular, it allows the calculation of the recipients' "engagement score" but also allows Actito to determine the order in which emails are sent in order to ensure that they are delivered in the best possible conditions.
We therefore believe that tracking openings is an essential element linked to the email channel and that the collection of information linked to it is justified by a legitimate interest.
However, we have implemented mechanisms to limit link tracking, particularly in transactional emails . And, in the coming months, we will offer additional possibilities to manage this tracking in a more granular manner by allowing, for example, each recipient to request the cessation of individual tracking.
The last days of the tracking pixel?
Apple, the self-proclaimed ultimate defender of consumer privacy, has just announced the next edition of its operating system . To put it simply, in its current incarnation, the system implemented by Apple will no longer allow routing solution providers to retrieve information related to the display of a pixel (also called a beacon) in the email. This means that the router will receive the information that all emails sent to Apple domains have been opened or closed (depending on the mechanism that will be implemented). The accuracy of campaign reports will of course suffer.
Many marketers ask us how Apple's attitude will affect them and, more list of azerbaijan whatsapp phone numbers generally, what the consequences will be of a strengthening of requirements (particularly at European level) in terms of the protection of personal data.
In order to enlighten marketers, I will play the game of questions and answers (I do both) regarding the monitoring of the behavior of email recipients.
1. The opening rate, an outdated indicator?
Apple is not alone in fighting against email opening tracking. Other email readers have decided to stop providing information about openings by caching tracking pixels. This is notably the case of Hey, the email reader launched by the famous David Heinemeier Hansson , creator of the Ruby programming language.
Apple does not represent more than twenty percent of the email reader market (Apple is far behind Gmail and Yahoo for example). It is safe to say that 50% of users will want to remove any possibility of tracking opens. This means that Apple technology will affect, at most, 10% of campaign results.
Furthermore, some studies show that data from other email providers is also wrong, because for optimization reasons they already remove some beacons by replacing them with cached images.
More fundamentally, we can ask ourselves the question of the relevance of the opening rate as the main metric of the success of email campaigns. In the same way as for digital advertising where we know that the display figures for banners and videos are largely fanciful (Google and Facebook have often been caught red-handed), we must get used to imperfect data in terms of opening.
It is therefore necessary to favor other methods of evaluating the quality of email campaigns. In this regard, click data is obviously the most relevant since it not only allows us to determine that the message has been opened and read, but also allows us to truly measure the engagement rate.
On the other hand, opening tracking is essential for marketing automation solutions that rely on opening (or non-opening) information to trigger the following actions in a scenario.
Let us see if we can find, in the regulations applicable to the matter, a solution to the thorny problem of monitoring openings.
2. What does GDPR say about email opening tracking?
If only Apple and a few other email services were stopping them from doing their job, it would hardly disturb the sleep of marketers.
I would dare say that Apple's kicks are the least of their worries. What seems to worry them much more are the positions of the national data protection authorities gathered in the "Article 29" working group, whose work is now continued by the EPDB (European Data Protection Board).
This working group thus argues that the only way to justify the collection of information relating to the opening of an email is the unambiguous consent of the recipient.
I think this interpretation is inaccurate.
It all depends on the intended purpose. Opening tracking can indeed be used for purposes unrelated to marketing or profiling. In particular, it is a means of judging whether an email address is a valid address in order to improve the deliverability of campaigns by avoiding spam traps. This processing is justified by the legitimate interest of the sender in ensuring the proper delivery of their messages. Exactly the same way that the post office creates a file of people living at a given address in order to avoid having to, for example, send a postman to deliver a registered letter to an address that no longer exists.
Furthermore, even if the sole purpose of tracking was to monitor marketing campaigns, legitimate interest could justify it.
As highlighted in a previous article, the very text of the GDPR provides, among the justifications for direct marketing processing, the legitimate interest of the sender. This is particularly true for BtoB communications.
The GDPR, however, provides that in this case, the data subject must be allowed to object to marketing processing (recital 70 and article 21). The text thus specifies that the data subject may object " at any time to the processing of personal data concerning him or her for such prospecting purposes, including profiling to the extent that it is linked to such prospecting ".
This is indeed a form of opt-out. But this opt-out is general. There is no mention of the possibility of a partial opt-out, at the end of which one could accept prospecting, but not profiling, for example.
If we take the reasoning further, we can say that the text inseparably links prospecting and profiling (I think this is an error on the part of the legislator, because it could have been decided otherwise). So if we accept that we can prospect on the basis of legitimate interest, we can also "profile" on the basis of legitimate interest and, therefore, track the user's behavior without explicit consent.
And, even if we were not to admit the justification based on legitimate interest, we could fall back on the consent of the person concerned.
Indeed, it would be enough, when collecting the opt-in to send an email, to specify "You agree to receive emails from brand X. By doing so, you agree that we process your data and in particular that we track the opening of these emails in order to ensure the quality of our communication with you". There is certainly a way to do it more succinctly, but this gives you an idea of how to proceed.
3. Is the pixel a cookie like any other?
Another justification for the ban on tracking the opening of emails would, according to the Article 29 Working Party, be found in the principle ban on placing cookies without the consent of the person concerned.
It is true that, by the generality of its terms, the so-called ePrivacy directive embraces all techniques aimed at tracking users.
However, the text provides, in its Article 5.3: " Member States shall ensure that the use of electronic communications networks for the purpose of storing information or accessing information stored in the terminal equipment of a subscriber or user is permitted only on condition that the subscriber or user is provided, in compliance with Directive 95/46/EC, with clear and complete information, inter alia on the purposes of the processing, and that the subscriber or user has the right to refuse such processing by the data controller. This provision shall not preclude storage or technical access aimed exclusively at carrying out or facilitating the transmission of a communication via an electronic communications network, or strictly necessary for the provision of an information society service expressly requested by the subscriber or user. "
This text requires a little explanation to be well understood.
" The use of electronic means to store information on the terminal " refers to cookies which constitute information and which are actually placed in a file on the user's computer which can then be reread.
Does it apply to the famous pixel? It is less clear. Indeed, sending an email does not involve storing anything in the user's terminal. The email is in fact generally stored on a remote server.
But this is not the most interesting aspect of the text. It provides for the obligation to inform and offers a right to object to the processing of data (which can be easily done at the time of registering an email address) unless the storage is intended " exclusively to carry out or facilitate transmission via a network ".
Now it is clear that to ensure that the email has been delivered, the sender must be able to determine whether it has been read. This allows, if necessary, to resend the unread email to the recipient.
If the purpose of the openness measure is therefore to facilitate the transmission of the message, there is no need to inform the recipient or offer them the possibility of refusing processing.
Since the directive is a text that allows for interpretation, it is certain that each Member State will propose its own. And it is a safe bet that some data protection authorities will adopt a strict reading of the text, leading to a conclusion that is the opposite of mine.
There is therefore a risk that our famous pixel could be attacked for non-compliance with the ePrivacy directive.
4. How to mitigate the consequences of the disappearance of the tracking pixel?
You can already prepare for the gradual disappearance of tracking pixels by creating, for example, a "repellent" segment containing addresses linked to domains that do not allow opening tracking or offer poor quality tracking of them. At least, the structurally false data coming from Apple domains will not pollute your opening data.
Other possibilities include making emails more interactive and prompting users to respond in a way that establishes that they have seen the content of your email.
Finally, as mentioned above, we suggest that you already adapt the information formula linked to the request for registration to your newsletter.
5. What is Actito’s vision on email behavior tracking?
Actito has, since the beginning, adopted an attitude of "privacy by design", that is to say that we only collect and process the data that we consider necessary for the routing of electronic messages and the monitoring of communications. We do not collect data for the simple fact of collecting data.
Besides the bounce, the opening of emails is an important element to determine if a message has been received by the user.
In particular, it allows the calculation of the recipients' "engagement score" but also allows Actito to determine the order in which emails are sent in order to ensure that they are delivered in the best possible conditions.
We therefore believe that tracking openings is an essential element linked to the email channel and that the collection of information linked to it is justified by a legitimate interest.
However, we have implemented mechanisms to limit link tracking, particularly in transactional emails . And, in the coming months, we will offer additional possibilities to manage this tracking in a more granular manner by allowing, for example, each recipient to request the cessation of individual tracking.