Knowledge is power, but what is allowed?
The government body that manages student grants and free public transport for students in the Netherlands, the Dienst Uitvoering Onderwijs (DUO), made the headlines earlier this year because they had to stop using tracking in their emails by order of the Dutch Data Protection Authority. The decision was made after a national newspaper, de Volkskrant, revealed that using tracking technology in their emails to students was in violation of the GDPR.
While the newspaper was correct in its conclusion that DUO is not allowed to use tracking technology in their emails to students, the article was somewhat vague, and some might say even misleading as to the exact reason for this. In their report, de Volkskrant doesn’t explain the clear distinction between two different kinds of email messages: transactional emails sent by a government body like DUO, and commercial emails, such as newsletters, sent to subscribers who have given an opt-in.
Why and how do we measure opens and clicks?
Opens and clicks in emails are measured by inserting an invisible tracking pixel in the HTML code. The information about who opened your email is shown in the email analytics dashboard in your email or marketing automation platform. Links in an email can be tracked by adding a UTM code to them. This tracks if a recipient clicked on a link.
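As an added example (not code from the original article or from any email platform), the following Python script shows what these two mechanisms look like when you audit a message: it scans an HTML email body for images that render invisibly and for links carrying `utm_` parameters. The sample HTML, the host names and the "0 or 1 pixel, or hidden by inline CSS" heuristic are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message body; the hosts and paths are placeholders.
SAMPLE_HTML = """
<html><body>
<p>Your monthly update is ready.</p>
<a href="https://shop.example/offers?utm_source=newsletter&amp;utm_medium=email&amp;utm_campaign=spring">Offers</a>
<a href="https://shop.example/privacy">Privacy statement</a>
<img src="https://shop.example/logo.png" width="200" height="60" alt="Logo">
<img src="https://mail.example/o/abc123.gif" width="1" height="1" alt="">
<img src="https://mail.example/o/def456.gif" style="display: none">
</body></html>
"""

class TrackingAudit(HTMLParser):
    """Collects likely tracking pixels and UTM-tagged links from email HTML."""
    def __init__(self):
        super().__init__()
        self.pixels = []     # image URLs that render invisibly
        self.utm_links = []  # (url, {utm parameter: value}) pairs

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and a.get("src") and self._invisible(a):
            self.pixels.append(a["src"])
        elif tag == "a" and a.get("href"):
            query = parse_qs(urlsplit(a["href"]).query)
            utm = {k: v[0] for k, v in query.items() if k.lower().startswith("utm_")}
            if utm:
                self.utm_links.append((a["href"], utm))

    @staticmethod
    def _invisible(a):
        # Heuristic: 0 or 1 pixel in both dimensions, or hidden through inline CSS.
        tiny = a.get("width", "").strip() in ("0", "1") and a.get("height", "").strip() in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        return tiny or "display:none" in style or "visibility:hidden" in style

def audit_email(html):
    """Return (pixel URLs, UTM-tagged links) found in one HTML body."""
    parser = TrackingAudit()
    parser.feed(html)
    parser.close()
    return parser.pixels, parser.utm_links

if __name__ == "__main__":
    print(audit_email(SAMPLE_HTML))
```

A size-and-style heuristic like this can flag spacer images as well, so treat the output as a list of candidates to review rather than proof of tracking.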
This is all standard practice in marketing emails and it provides crucial information: As a marketer, you need to know if you are sending the right information at the right time to your customers. The GDPR allows this, because legitimate interest is one of the legal grounds for processing personal data. Knowing if you are providing useful and timely information to your customer is a legitimate interest for your company or organization.
What did DUO do wrong?
DUO tracked whether students opened important emails regarding their student grant and public transport pass. They stored this information to use in possible dispute cases. Because DUO did not ask for permission to collect these data, or inform the students about the tracking, the legal basis for tracking would be ‘legitimate interest’. However, paragraph 47 of the considerations in the GDPR clearly states that government organizations are not allowed to use legitimate interest as a legal basis for processing personal data: “Given that it is for the legislator to provide by law for the legal basis for public authorities to process personal data, that legal basis [i.e. legitimate interest] should not apply to the processing by public authorities in the performance of their tasks.”
This special status of government organizations is what the article in de Volkskrant fails to make clear. The average reader will conclude from it that all email tracking is illegal and senders are trying to evade the law, while being deliberately non-transparent about it. However, different rules apply to commercial (marketing) emails. Marketers are allowed to put tracking technology in their emails, because of legitimate interest. You do need to inform subscribers about tracking. At the very least, make sure you provide a link to your privacy statement early in the subscription process, so they can read it before they submit their data. Even better: Use your subscription form to inform them in a succinct and positive way ‘what’s in it for them’.
Tracking emails is allowed and benefits both sender and recipient
In a second article on this subject (only available in Dutch), the author gives tips on how to disable tracking. The tone of voice of this piece is negative and aggressive. It states senders “hide” the tracking pixel somewhere in the HTML code and use “redirect links” that surreptitiously log your information. Ironically, included in the article is a notice stating de Volkskrant uses tracking technology in its newsletter itself. This rather undermines the alarmist tone.
An essential part of successful email marketing
Knowing more about your subscriber and his or her preferences benefits not just you. You can use the information to ensure your subscribers receive more relevant and timely emails. This will make them more inclined to open and read them. You will also know which subscribers never interact with your email. These can be removed from your list, so your campaigns will be more efficient.
Keep to the standard best practices of email marketing. Obtain a valid opt-in. Provide information about tracking in your privacy statement or on your webforms. Put an unsubscribe link in every marketing mail and comply with the GDPR when processing personal data. Then you are good to go!
Tracking forms an essential part of every marketing automation platform. We will gladly answer any questions you might have about email marketing, marketing automation and the GDPR. Contact us!
Special thanks to the legal experts of the DDMA.