Websites are ubiquitous, and so are cookies and tracking pixels (a/k/a web beacons). A web browser uses cookies to store login details and preferences; the cookies also track and profile user behavior. When visiting a website, you may have seen a cookie banner that explains what cookies are and asks whether you wish to accept, deny, or customize cookies, providing a link to a comprehensive cookie policy.
Many businesses may not even realize that their website uses tracking pixels, but these are commonly employed by web developers, marketing companies, and analytics platforms, including Google Analytics 4, Meta (formerly Facebook) Pixel, Matomo, Mixpanel, and others.
So why is this important?
California is well known for its beaches, but recently, waves of letters and lawsuits have been surfacing nationwide to challenge the use of tracking pixels unless the visitor to the website has explicitly given their consent; otherwise, it’s an invasion of privacy. Several courts have affirmed that tracking pixels are “Pen Trap and Trace devices” under the federal Patriot Act and California’s Invasion of Privacy Act (“CIPA”). Additionally, California’s Penal Code permits civil actions for violations of CIPA, with damages of $5,000 per violation.
Rather than fight, many businesses that receive these letters or are sued simply settle, and the demands typically far exceed $5000. Agreeing to changes to the website’s policies is typically a required settlement term. The Federal Trade Commission is also monitoring the use of tracking pixels on social media and streaming platforms, issuing orders for information in 2024 to Amazon, Meta, YouTube, X, Snap, ByteDance, Discord, Reddit, and WhatsApp. The FTC is particularly concerned about this type of “submarine” data collection from children and teens.
What can you do?
- First, conduct an audit and determine if your website utilizes tracking pixels and, if so, identify the specific purposes, for instance, collecting IP addresses, device identification, browser history (such as page views), purchase history, geographic location, measuring advertising performance, monitoring purchases, retargeting users for future visits, and sharing the collected data with others.
- Second, if the answer is yes, create a pixel consent banner and link it to a pixel policy that specifies each purpose of a tracking pixel, based on your audit. The pixel consent banner is like the cookie banner, allowing users to consent to specific types of tracking or opt out of some or all tracking. But the user’s choices must be technically implemented by the business.
- Third, read the contract with your website developer or marketing company to assess who is responsible for claims related to cookies and tracking pixels.
- Lastly, check with your insurance broker to determine if any of your insurance policies cover these types of claims and to see if the insurance company has any recommendations for your business.
Knowing whether you have a “pixelation” problem is the first step to a solution.
[View source.]
