As illustrated in this recent article in Wired, email tracking services and their counterparts, anti-tracking services, have been rapidly gaining ground on the web; to the point that 40% of all email being sent, and 99% of the majority of the emails you receive (newsletters, marketing materials, notifications and transactional emails) are now being tracked. There’s even a 16% chance any conversational email you receive from your professional contacts, friends, family, etc. is being actively tracked. Most if not all of this, without your consent.

Whether or not services like this are good or evil is really subjective, however if your organization is considering (or already using) an email tracking service, also consider the following:

  • Is the data being gathered without informed consent?
  • If so, have you reviewed your risk exposure with regards to complying with privacy regulations that require informed consent for obtaining information in this manner, such as GDPR and COPPA?
  • What action might the recipients take if they found out you were collecting this information?
  • What audit controls are in place to ensure the information being collected is not being misused?
  • How did you determine the value of the data you are collecting outweighs these risks?
  • Are you in compliance with rules and regulations related to marketing, such as the CAN-SPAM Act and the UK’s Privacy and Electronic Communications Regulations of 2003?
  • If you are adverse to the idea of your organization being tracked, do you have any controls in place to combat this threat?

If you have specific questions about email trackers and the potential risks of using or resisting them, please reach out directly to me or Amy Carlson.