What Are Email Tracking Pixels and How Are They Used?
Email tracking pixels are small, typically invisible image files embedded into many mass marketing emails. These pixels are typically one pixel by one pixel in size — hence the name — and are hosted on a remote server. When a recipient opens an email containing such a pixel, their device automatically loads the image from the server, which generates a record of the interaction.
While tracking pixels might sound sinister, these tools are widely used in digital marketing and analytics to track user engagement. Their capabilities include:
- Email Open Tracking: Marketers can determine when and how often an email is opened, providing insights into engagement rates.
- Geolocation Data: By identifying the IP address of the device accessing the email, pixels can approximate the recipient’s geographic location.
- Device and Browser Information: The type of device, operating system, and browser used to view the email can be recorded, helping optimize marketing strategies for specific platforms.
- Interaction Tracking: Pixels can track whether a recipient clicks on links within the email, forwards it, or downloads attachments.
- Time Spent Reading: Some pixels measure how long a recipient views the email, providing insights into content effectiveness.
The information gathered through tracking pixels is used for designing targeted advertising campaigns, segmenting audiences, and improving overall marketing effectiveness. For example, data collected from tracking pixels can help businesses identify high-value customers, refine messaging, and improve conversion rates.
However, these pixels are leading to allegations of unauthorized data collection in violation of Arizona’s Telephone, Utility, and Communication Service Records Act.
The Arizona Telephone, Utility, and Communication Service Records Act
Overview of the Act
The Arizona’s Telephone, Utility, and Communication Service Records Act is a state statute regulating the collection and use of, among other things, Arizonans’ “Communication Service Records.” Under the law, it is unlawful to knowingly obtain a Communication Service Record without consent by fraudulent, deceptive, or false means.
The statute defines “communication service records” broadly as a record that includes a variety of subscriber information. This includes name, address, payment method, telephone number, electronic account identification and associated screen names, access logs, and more. While the law was initially modeled after federal telephone privacy protections, Arizona expanded its scope to include modern forms of communication, such as email.
Unique Features of the Telephone, Utility, and Communication Service Records Act
One distinguishing feature of the Act, the same that makes it attractive to plaintiff’s firms, is its private right of action, allowing individuals to sue for violations. Plaintiffs may recover economic damages of at least $1,000 per violation.
This private right of action, coupled with the potential for per-email violations, makes the Act particularly dangerous to any company using tracking pixels in mass marketing emails.
The Current Legal Landscape: Arguments for and Against Spy Pixel Claims
Plaintiff Arguments
In recent class action lawsuits (many against large consumer brands), plaintiff’s firms argued a variety of theories:
- Violation of Consent Requirements: Plaintiffs claim they were not informed of the tracking nor provided an opportunity to consent.
- Broad Interpretation of “Communication Service Records”: Data collected by tracking pixels, such as access logs and email interaction records, is argued to fall within the Act’s definition of communication service records.
- Per-Email Violations: Plaintiffs contend that each email sent with a tracking pixel constitutes a separate statutory violation, amplifying potential damages.
Defendant Responses
Defendants in these cases have raised several defenses, including:
- Standing: Companies argue that plaintiffs lack Article III standing because they fail to demonstrate concrete harm resulting from the alleged tracking.
- Statutory Scope: Defendants assert that the Act was not designed to regulate email analytics technologies and that its provisions do not encompass tracking pixel data.
- Ambiguities in the Law: With no prior dispositive case law interpreting the Act’s applicability to email pixel tracking, defendants argue that the statute should not be expansively applied to technologies not contemplated when the law was enacted.
Though many claims are in the initial stages, the defendants have scored some initial early “wins,” assuming hefty litigation fees in defensive of a nuisance claim can be considered a win. Its unknown how many other targets have quietly settled.
Practical Compliance Recommendations for Businesses
As the number of email tracking pixel lawsuits grow, businesses must take proactive steps to minimize risk rather than hope for a favorable outcome in court. Preventative measures include:
- Audit: Step one is determining if your emails contain these tracking pixels. Remember, they may also be placed by third-party vendors, an issue that has been prevalent in a number of these initial claims. Review vendor agreements to confirm that pixel tracking technologies are either prohibited or comply with regulatory requirements and your organization’s privacy policies.
- Transparency and Disclosure: Update privacy policies to explicitly disclose the use of tracking technologies in marketing emails, and link to the policy in every marketing email. This weakens potential arguments that pixel usage is “deceptive.” Ensure that disclosures are clear, concise, and written in plain language to meet consumer expectations and regulatory standards.
- Obtain Consent: While transparency is important, the closest thing to a silver bullet for these claims is consent. Consider implementing an affirmative opt-in process for email communications that includes a pixel tracking disclosure. Admittedly, this goes above and beyond even many best-in-class email consents in the United States. Such consent could be presented only to Arizonans to minimize the impact in other jurisdictions.
Conclusion
Like many nuisance suits before them, email pixel claims under Arizona’s Telephone, Utility, and Communication Service Records Act have less to do with winning on the merits than on making yourself an unattractive target in the first place. While email tracking pixels may be as ubiquitous as grains of sand in the Sonoran Desert, nuisance claims related to them don’t have to be.
Reprinted with permission from the February 2025 issue of Cybersecurity Law & Strategy. © 2025 ALM Global, LLC. Further duplication without permission is prohibited. All rights reserved.
