The CNIL and the end of invisible email tracking?
Why are companies currently sending messages about "tracking pixels"?
For several weeks, many companies have been informing their customers about the use of tracking pixels in their emails and offering them the option to opt out.
This wave of messages is directly linked to the recommendation published by the CNIL on 14 April 2026, regarding tracking pixels in emails. The CNIL specifies its position on the legal framework applicable to these tracking technologies.[cnil.fr]
What is a tracking pixel?
A tracking pixel is an invisible element embedded in an email that allows the sender to collect information about the recipient's interaction with the message.
According to the CNIL, it can notably determine:
- if the email has been opened;
- when it was opened;
- from what type of device;
- and, in some cases, an approximate location derived from the IP address.[cnil.fr]
Tracking pixels serve a function comparable to that of cookies used during web browsing and can be used for a variety of purposes: audience measurement, improving deliverability, content personalisation, or behavioural analysis.[cnil.fr]
Why is the CNIL interested in this practice?
For the CNIL, electronic messaging constitutes a personal space intended for the consultation of private content.
The use of tracking pixels therefore raises important questions regarding personal data protection and respect for privacy. It is notably the increase in the number of complaints received on this subject that has led the CNIL to publish specific recommendations. [cnil.fr], [cnil.fr]
The stated objective is to improve transparency, clarify the obligations of organisations, and enable the individuals concerned to better exercise their rights. [cnil.fr]
The paradox of consent: can one refuse tracking without being tracked oneself?
This is probably the most interesting question at the moment.
Many companies now offer a link allowing users to oppose email tracking.
But, from a technical point of view, the system must necessarily know:
Who requested the deactivation of tracking?
A simple click on the opposition link generally results in the identification of the recipient so that their choice can be recorded.
In other words:
- the user refuses tracking;
- the system nevertheless receives information allowing it to process this request;
- the company must then ensure that this information is not used for other purposes.
The real question is therefore not whether the click is technically recorded, but:
What happens to this information after the opposition?
A privacy-friendly model consists of retaining only :
Plain Text1Email address2+3Status : opt-out4+5Request dateShow more lines
without marketing enrichment, profiling or additional segmentation.
An evolution that could transcend French borders
Even if this recommendation comes from the CNIL, the stakes are clearly European.
The CNIL itself indicates that its analysis is part of the continuation of European work related to tracking technologies and that it complements existing guidelines regarding trackers and similar technologies.[cnil.fr]
To date, no other European authority seems to have published such a detailed final recommendation specifically dedicated to tracking pixels in emails.
However, the French position could serve as a reference for other supervisory authorities in the months and years to come.
Companies operating in several member states of the European Union would therefore benefit from closely monitoring this development.
What should companies do ?
Organisations should now check :
- if tracking pixels are used in their emails ;
- what objectives are pursued (deliverability, statistics, marketing, profiling, etc.) ;
- if additional information or consent is required ;
- how opt-out mechanisms are implemented ;
- what data is retained after exercising the right to opt-out.
This analysis concerns both marketing services and compliance officers, DPOs and legal departments.
Conclusion
For a long time, tracking pixels were considered a simple technical tool for measuring the effectiveness of email campaigns.
The CNIL's recommendation reminds us that an invisible pixel can raise fundamental questions regarding data protection, consent and respect for privacy. [cnil.fr]
Behind an invisible image of a pixel on a pixel lies a much broader debate today:
How far can companies track the digital activity of their recipients, and how can they reconcile marketing performance, transparency and respect for fundamental rights?
One thing is certain: the topic of tracking pixels has now come out of the shadows. And it is likely that the discussion is just beginning on a European scale.