Email open tracking in Europe: why the pixel now needs consent (Courier)

France (CNIL) and Italy (Garante) are treating open-tracking pixels like cookies. Practical implication: keep sending emails, but only fire the pixel when the recipient has opted in.


Original article (source): Courier - “Email open tracking and consent: the new rules in Europe”

Primary sources linked from the article:


What changed (in plain English)

Courier’s write-up flags a simple but high-impact shift: regulators are starting to treat the email open-tracking pixel like a cookie.

The practical reading (per CNIL and Italy’s Garante) is:

  • If you use open tracking for marketing, profiling, or performance measurement, you need consent first.
  • The rule is about tracking, not delivery. You can still send the email, you just should not load the tracking pixel unless the recipient has opted in.
  • Scope follows the recipient’s location, not the sender’s HQ. So a US business emailing recipients in France or Italy is still in scope for those recipients.

Why this matters for app teams

App teams often treat email metrics as “safe”, and then use opens as a proxy for lifecycle performance. If this direction spreads across EU regulators, it creates a few real-world effects:

  • Open rate gets even less reliable (between Apple MPP, prefetching, and now consented-only pixels).
  • Preference UX becomes part of measurement. “Consent to receive emails” and “consent to be tracked” are separate signals. If you bundle them, you risk both compliance and trust.
  • Your CRM stack needs a default stance. If you go strict opt-in, you should expect apparent engagement rates to shift because you are measuring a smaller, consented subset.

The useful takeaways

  • Split delivery from tracking in your mental model and in your code. Sending a password reset is not the same thing as tracking an open.
  • Capture tracking consent at address collection, not inside the email. If the first time you ask is in a welcome email, the pixel in that email has already fired.
  • Make withdrawal easy and non-destructive. Turning off tracking should not force someone to unsubscribe from operational emails.

What to do next (tiny wins)

  • Audit where “open” is used as a KPI. Anywhere it feeds experiment decisions, campaign scoring, or deliverability rules is a risk zone.
  • Add a dedicated tracking consent toggle to your preference centre (separate from subscription opt-in/out).
  • Switch your lifecycle reporting to click-through and downstream actions (activation events, trial starts, purchase, retention) so the metric still works if opens become partially unobservable.

Read the original: https://www.courier.com/blog/email-open-tracking-consent

Editor: App Store Marketing Editorial Team

Insights informed by practitioner experience and data from ConsultMyApp and APPlyzer.

Want help with ASO?

If you want this implemented for your app, check out our services - or run your workflow in APPlyzer.