
“We inform you of the use of tracking pixels in our email communications. » This sentence, or a close wording, has surely appeared multiple times in your mailbox in recent days. Banks, associations, administrations, media (including Bayard, the publisher of La Croix) all wrote, almost at the same time, to evoke a system whose existence was often ignored until then.
These tracking pixels are actually tiny invisible files, often reduced to the size of a single pixel, slipped into the body of an email. When opening the message, the messaging service will look for this image, and this simple technical call is enough to notify the sender that the email has been read.
This signal therefore makes it possible to give, for each recipient, the date and time of opening, the type of device used, and sometimes even an approximate location deduced from the IP address. However, this device does not provide access to the content of other messages or to all messaging. The process is reminiscent of cookies present on websites, but applies to a space perceived as more personal: the mailbox.
Why so many messages at the same time?
The flood of emails received in recent days is the consequence of a recommendation from the National Commission for Information Technology and Liberties (Cnil) published on April 14 and clarifying practices regarding tracers, a tool that until then had little supervision.
The Commission then recalled that a pixel can be freely added if the email is deemed necessary. This is the case when it comes to securing authentication, or removing an invalid address from a mailing list. This is also possible for so-called “transactional” emails such as order confirmations, password resets or package tracking. Conversely, specified the CNIL, as soon as a pixel is used to refine a profile, to personalize the content of messages according to reading habits, or to then target the Internet user on other channels such as online advertising, prior agreement becomes mandatory.
The April recommendation gave businesses three months to comply. The deadline expired on July 14, which explains the avalanche of messages sent in recent days, even if no immediate sanction is planned for latecomers.
What actually changes
The principle established by the CNIL is that of “free, informed and as easy to refuse as to accept” consent. Organizations must clearly present the purposes pursued, before seeking the Internet user’s agreement, and not afterwards. Ideally, this information should be given as soon as the email address is collected, so that the link between the address provided and the subsequent use of trackers is explicit from the start.
Consent must be able to be given separately when several distinct purposes are pursued: audience measurement, advertising personalization, fraud detection. Combining several uses in a single “I accept” button would indeed risk distorting freedom of choice.
It must also be possible to withdraw consent at any time, as simply as it was given, via a link at the bottom of the email.
Should you respond to these emails?
Most of the messages sent in recent days by companies include wording where the absence of a response constitutes tacit acceptance of “tracking pixels”. Not responding or clicking on the proposed link will allow the sender to continue using these markers in future mailings. Conversely, refusing a pixel will not block any service because these do not condition access to an account or a newsletter, recalls the CNIL.
Furthermore, most messaging services block the automatic loading of images by default, which already neutralizes a large part of these trackers. Not opening an email remains, ultimately, the simplest way to avoid any tracking.
This compliance is part of a broader movement to take control of personal data, initiated several years ago at the European level with the regulation of cookies on the Web. Electronic messaging, which has long remained on the fringes of these debates, is now joining the field of digital spaces for which the CNIL wants to guarantee transparency.


