This FAQ includes information related to the Danish data protection authority’s decision on spy pixels and further information on which personal data is processed in emails.
What legislation applies?
The use of spy pixels is governed by two different legislations. Firstly, the law on electronic communication (2022:482), (“LEK”) applies. This legislation states that to use technology that collects information from an individual's device—which is usually the case if using cookies or pixels, you need consent from the individual.
Secondly, the GDPR applies, to process the personal data you retrieve, you need a legal base. GDPR offers several legal bases, consent being one of them. However, most people interpret the legislation in the manner that if you need consent according to LEK, the only available legal base under the GDPR is consent as well.
How can consent for spy pixels be collected?
Exactly what personal information is processed by Voyado Engage from emails?
The personal information processed by Voyado Engage in general is stated in the Data Protection Agreement between us, see specifically Schedule A, your version of the DPA is available in your license agreement. The latest version of the DPA is available here.
For emails specifically, information is processed by the use of two different techniques, where only one uses pixels.
By use of pixels
Information about when an email has been opened by a specific contact. An image (pixel) with a unique URL will be included in emails to track opens.
By use of link decoration
Information about when a contact clicks on a specific link in a specific email and which link and which email was clicked. Email links are decorated with a unique ID and traffic passes through Engage to track clicks made by contacts. When contacts are redirected to the link destination, new link decoration with information from Engage is added, such as UTM-tags*, soft-login string* (encrypted email address, contact ID, discovery-key, email sent time), and site-tracking-id*.
*Link decoration information depends on Engage environment configuration.
What are the consequences of processing this data without consent and disclosure?
Is it possible to turn off the spy pixel functionality in Voyado Engage for specific contacts and keep it on for the users who have consented?
No, unfortunately, this functionality can only be turned off for the entire Engage environment. And that would mean that opening statistics will not be tracked, that includes segmentations based on email opens, automations based on email opens, and CTOR (click to open rate) for example.
Legal disclaimer: Please note that Voyado is not a legal professional adviser and that the information in this FAQ is only provided as guidance and that Voyado does not accept responsibility for any interpretations and actions based on the information.