France: National Commission on Informatics and Liberty closes consultation on draft recommendation on tracking pixels in emails

On 24 July 2025, the National Commission on Informatics and Liberty (CNIL) closes its consultation on its draft recommendation on the use of tracking pixels in emails. The draft recommendation applies to all public and private organisations using tracking pixels in emails and their service providers, focusing specifically on email tracking. It aims to clarify obligations, particularly regarding user consent under Article 82 of the French Data Protection Act, transposing the ePrivacy Directive. Any subsequent processing of personal data collected must also comply with the General Data Protection Regulation (GDPR). Generally, prior consent is required for using tracking pixels, except for strictly necessary purposes like user authentication or aggregate, anonymised open rate measurement for deliverability. Purposes requiring consent include individual open rate analysis for campaign performance, tailoring communications, profiling for targeting, and fraud detection. The recommendation provides guidance on informing users clearly about tracker purposes and obtaining valid consent. Consent should ideally be obtained when collecting the email address or via a tracking-free email. Consent must be freely given, allowing granular choices. Users must also be able to withdraw consent easily, typically through an email footer link. Organisations must maintain proof of valid consent.