A woman reads on her mobile phone and is happy about the content

Newsletter tracking: how to do it right

Newsletters are a proven tool for addressing customers directly and informing them about current offers or news. But as soon as it comes to tracking opening rates and clicks within the emails, things get complicated. This is where data protection laws such as the GDPR (General Data Protection Regulation) and the TTDSG (Telecommunications and Telemedia Data Protection Act) come into play.

What does newsletter tracking mean?

Newsletter tracking involves collecting information about user behaviour. This includes

  • opening rates: Is the newsletter opened?
  • Click behaviour: Which links are clicked?
  • Interaction data: How long was the email read?

This data helps companies to improve their marketing strategies. At the same time, however, this is personal data, as it is often linked to the recipient's email address.

The legal situation in the EU

Data protection-compliant consent

The user's prior consent is required for any tracking within a newsletter. This consent must:

  • Beinformed: The recipient must know which data is processed and how.
  • Voluntary: There must be no obligation to subscribe to the newsletter.
  • Explicit: A tick for tracking must not be pre-selected.

Simply opening an email or clicking on a link does not constitute consent. General information such as "By using our newsletter, you consent to tracking" is also not sufficient.

Technical requirements

Tracking is often based on invisible images (pixel tracking) or personalised links. These methods are only permitted if:

  • The user has given their prior consent.
  • Tracking remains deactivated as long as no consent has been given.

The role of the ePrivacy Regulation

The ePrivacy Regulation is intended to supplement the GDPR in key areas of electronic communication. However, it has not yet come into force. Nevertheless, a trend can already be recognised. Its aim is to protect users' privacy and give them more control over their data - an issue that also affects newsletter tracking.

In order to fulfil the requirements of the ePrivacy Regulation, companies must be clear and transparent. Any tracking, be it through pixel tracking or personalised links, requires the explicit and voluntary consent of the user. Pre-ticked boxes or implicit consent are not sufficient. In addition, the technologies used and their effects must be clearly visible to the user. This ensures that trust in digital communication is strengthened and that companies act in a legally compliant manner.

Consequences of a breach

Unauthorised newsletter tracking can result in considerable fines. Companies also risk a loss of reputation if customers become aware of data protection violations. However, consequences are not only to be expected due to the GDPR and TTDSG. The use of tracking measures without prior consent also violates competition law. And this can quickly become very expensive.

The problem must be taken into account in particular with newsletter systems from the US, as these often use tracking without prior consent. These providers also fall under the Cloud Act, which allows US authorities to access data. This contradicts the requirements of the GDPR for the protection of personal data and makes the use of such tools in the EU risky.

How does data protection-compliant tracking work?

A data protection-compliant tracking system is based on three important basic principles: First, effective consent management must be in place where the user can explicitly consent, for example via an opt-in field. Pre-filled consent that is activated by default is not compliant with data protection regulations. In addition, collected data should be anonymised or aggregated wherever possible in order to protect the privacy of users. Personalised tracking to optimise the advertised products or even individualisation is therefore only permitted if the customer has explicitly consented. Finally, companies must create transparency by informing their users comprehensively about the purpose and type of tracking. This is where the privacy policy comes into play.

How TYRIOS offers a solution

With the new function in TYRIOS Mailing, we have developed one of the few data protection-compliant tracking solutions for newsletter systems on the market. Here's what makes our system special:

  • Subject to consent: Tracking is only activated if the customer explicitly agrees. The customer can choose whether they want to be tracked anonymously or whether they even want to be tracked on a personalised basis.
  • No opt-out: Consent must be given actively; there are no pre-selected options. This ensures that the customer is only tracked if they really want to allow it. The corresponding setting is logged so that it can be verified at any time.
  • Legally compliant: Our system fully complies with the requirements of the GDPR and the TTDSG.

Conclusion

Tracking open rates and clicks within newsletters is legally possible - but only under strict conditions. Companies should rely on data protection-compliant solutions to avoid legal risks and strengthen the trust of their customers. TYRIOS offers an innovative and secure solution that complies with current legal requirements and is also future-proof with regard to the ePrivacy Regulation.

Subscribe to our newsletter

Stay informed at all times. We will gladly inform you about product news and offers.