Knowledge is power, but what is allowed?
The government body that manages student grants and free public transport for students in the Netherlands, the Dienst Uitvoering Onderwijs (DUO), made the headlines recently because they had to stop using tracking in their emails by order of the Dutch Data Protection Authority. The decision was made after a newspaper, de Volkskrant, revealed that using tracking technology in their emails to students was in violation of the GDPR.
While the newspaper was correct in its conclusion that DUO was not allowed to use tracking technology in their emails, the article was somewhat vague, and some might say even misleading. In their report, de Volkskrant doesn’t explain the clear distinction between two different kinds of email messages: transactional emails sent by a government body like DUO, and commercial emails, such as newsletters, sent to subscribers who have given an opt-in.
Why and how do we measure opens and clicks?
Opens and clicks in emails are measured by inserting an invisible tracking pixel in the email’s code. The information about who opened your email is shown in the email analytics dashboard in your marketing automation platform. Links in an email can be tracked by adding a UTM code to them. This tracks if a recipient clicked on a link.
This is all standard practice in marketing emails and it provides crucial information: As a marketer, you need to know if you are sending the right information at the right time to your customers. The GDPR allows this, because legitimate interest is one of the legal grounds for processing personal data. Knowing if you are providing useful and timely information to your customer is a legitimate interest for your company or organization.
What did DUO do wrong?
DUO tracked if students opened important emails regarding their student grant and public transport pass. They also stored the information, to use in possible dispute cases. Because DUO did not ask for permission to collect these data, or informed the students about the tracking, the legal basis for tracking would be ‘legitimate interest’. However, paragraph 47 of the considerations in the the GDPR clearly states that government organizations are not allowed to use legitimate interest as a legal basis for processing personal data: “Given that it is for the legislator to provide by law for the legal basis for public authorities to process personal data, that legal basis [ie legitimate interest] should not apply to the processing by public authorities in the performance of their tasks. “
This special status of government organizations is what the article in de Volkskrant fails to make clear. The average reader will conclude from it that all email tracking is illegal and senders are trying to evade the law and are deliberately being non-transparant about it. However, different rules apply to commercial (marketing) emails. Marketers are allowed to put tracking technology in their emails, because of legitimate interest. You do need to inform subscribers about tracking. Make sure you provide a link to your privacy statement before they submit their data.
Tracking emails is allowed and benefits both sender and recipient
In a second article on this subject (only available in Dutch), de Volkskrant gives tips on how to disable tracking. The tone of voice of this piece is negative and agressive. It states senders “hide” the tracking pixel somewhere in the HTML code and use “redirect links” that surreptitiously log your information. Ironically, icluded in the article is a note stating the newspaper uses tracking technology in its newsletter. This rather undermines the alarmist tone.
Tracking is essential for succesful email marketing
Knowing more about your subscriber and his or her preferences benefits not just you. Your subscribers will receive more relevant and timely emails. This will make them more inclined to open and read them. Subscribers who never open their email can be removed from your list, so your campaigns will be more efficient.
Keep to the standard best practices of email marketing. Obtain a valid opt-in. Provide information about tracking in your privacy statement. Put an unsubscribe link in every marketing mail and comply with the GDPR when processing personal data. Then you are good to go!
Tracking forms an essential part of every marketing automation platform. We will gladly answer any questions you have about email marketing, marketing automation and the GDPR. Contact us!
Special thanks to the legal experts of the DDMA.
Other articles from our blog you may find interesting: