User Guide: Managing Opt‑out for Email Open Tracking in Selligent

Why consent for email open tracking is important

Email open tracking is commonly implemented using a tracking pixel embedded in email content. When an email is opened, this pixel is loaded and sends information back to the platform, allowing organizations to measure engagement. Through this pixel you are able to identify the recipient, observe and store their behavior.

Data protection laws and rules, such as the French data protection authority (CNIL), impose that individual (user‑level) email open tracking requires consent, unless the tracking is fully anonymous.

Personal open tracking implies:

  • user identifiers in the pixel
  • opens tracked per individual
  • usage for profiling, segmentation and optimization

With anonymous tracking:

  • there is no user-level identification
  • the same pixel is used for all recipients
  • only campaign level statistics are available

As a result, organizations must:

  • Inform users about email open tracking, for which specific purposes it is used and by whom
  • Collect consent when individualized tracking is used.
  • Provide a way for users to opt out. Users must be able to withdraw consent at any time.
  • Keep proof that consent was given

There are some use cases that are exempt from consent. Consent is not required:

  • When pixels are strictly necessary for security or authentication purposes, or
  • When pixels are used exclusively for deliverability, under strict conditions (limited data, minimization, emails requested by the user, etc.).
  • When tracking is fully anonymous and no identifiers are used.
  • For Transactional messages

Examples:
- Open Tracking to identify inactive recipients and stop sending emails to them does not require consent, but tracking data is limited to Date of Last Open
- Measuring open rates to optimize campaigns requires consent.
-Profiling users for use in other channels requires consent.

Below is an overview of when consent is required when the new regulations take effect in France on July 14th:

Situation Tracking pixel Action
No prior consent NO Ask consent first via non-tracked email
Consent collected at signup
YES		 Respected the purposes stated in the consent form
Deliverability only YES No consent is required but minimum data should be collected
Consent withdrawal NO Disable tracking immediately

 

This guidance applies primarily to open tracking via pixels. Click tracking is not in scope.

 

Solution provided in Selligent to manage consent for email open tracking

This feature is available on request.

To support email open tracking consent, Selligent introduces a solution that clearly differentiates between personal and anonymous tracking.

Privacy management via dedicated field: PRIVACY_FLAGS

Selligent provides a system field (PRIVACY_FLAGS) to store privacy and consent information at user level. This field:

  • Controls eligibility for personal email open tracking
  • Is similar in principle to existing opt‑out mechanisms

By default:

  • The field PRIVACY_FLAGS is set to NULL, meaning no consent was given
  • The feature is not activated.
  • Users are not opted in to personal open tracking

This ensures that individual tracking does not occur unless explicitly enabled.

Note: This new field will be visible on all Audience Lists, regardless if the feature is activated for your environment.
Null or 0 implies no consent.
1 implies consent was given.

Tracking behavior when the feature is activated

When the feature is activated:

  • Personal tracking is allowed when consent is present. Identifiers are available in the tracking pixel.
  • Anonymous tracking is happening when consent is missing or withdrawn. In this case:
    • there are no user‑level identifiers in the pixel
    • no user‑level open data is stored
    • only aggregated campaign‑level statistics generated

 

When a user opts out of personal email open tracking, or when consent is not present:

  • Individual open tracking is disabled
  • The tracking pixel is processed in anonymous mode
  • No user‑level open data is stored or linked
  • Email delivery is not impacted

 

Impact of email open tracking consent management on reporting

When open tracking is disabled:

  • Email opens are not recorded
  • Clicks are still recorded

As a result:

  • Open rates may decrease or be unavailable
  • Clicks are treated as implicit opens
  • Click‑through rates will not exceed 100%

 

What customers need to do now to implement email open tracking

To implement email open tracking opt‑out correctly, customers should follow these steps:

Step 1 – Inform users

Update privacy notices and preference centers to clearly explain:

  • That email open tracking is used
  • The purpose of this tracking
  • How users can opt out

Step 2 – Define your consent strategy

Decide whether you will:

  • Use anonymous open tracking only, or
  • Enable personal open tracking based on explicit user consent

Step 3 – Prepare your data model

  • Use the PRIVACY_FLAGS field to store tracking consent
  • Ensure updates respect bitmask logic

Step 4 – Manage existing users (if applicable)

If you have a valid legal basis (e.g. previously collected consent), you may enable tracking for existing users using bitwise operations:

Copy 
UPDATE MY_USERLIST
SET PRIVACY_FLAGS = (PRIVACY_FLAGS | 1)

Step 5 – Update marketing and consent flows

Align your Preference centers, Opt‑in / opt‑out mechanisms and Data loaders and integrations to ensure privacy choices are consistently applied.

 

Recommendations on consent collection and management to comply with the data protection rules

Following recommendations are based on the CNIL regulations applicable in France.

Recommendation 1 — Collect consent when the email address is collected (BEST practice)

This is the clearest method. How to do it (very concretely)

When a user enters their email address (signup form, account creation, newsletter form):

  • Add a dedicated consent checkbox (not pre-checked)
  • Explain clearly that tracking pixels will be used
  • State the exact purposes
  • Link to detailed information

example

☐ I agree that [Company name] may use tracking pixels in emails to:

measure email opening,
personalize content and sending frequency.

Learn more about email tracking (link to privacy / tracking policy)

Why this is compliant

  • Consent is prior to tracking
  • The user understands what will happen later
  • The link between email address and tracking is explicit

 

Recommendation 2 — If consent was NOT collected initially

This happens often with legacy databases.

The absolute rule is that you cannot send a tracked email to ask for consent.

Correct execution (step by step)

Step 1 — Send a non-tracked email

  • No tracking pixel
  • No hidden tracking on images or links
  • Plain email only

Step 2 — Include a secure consent link in the email

The link must:

  • Be unique per recipient
  • Lead to a page where the user actively confirms their choice

Example email text

We would like your permission to use email tracking to improve our communications.
Manage my email tracking preferences

If the recipient clicks the link, this is considered as giving consent. Consent requires an explicit action on the page

Step 3 — Consent page behavior

On the page:

  • Explain the tracking purposes
  • Require an explicit action (button click)

Example:

Email tracking preferences

☐ I agree to the use of tracking pixels in emails for:

campaign performance measurement
content personalization

[Accept] [Refuse]

When there is no scrolling or inactivity, this implies refusal. The decision is stored and logged.

Recommendation 3 — What information MUST be shown when asking for consent

Whenever consent is requested (form or page), the user must clearly understand:

Mandatory elements

  • Who places the tracking pixel
  • What data is collected (email opening, date, device info, etc.)
  • Why it is collected (specific purposes)
  • That tracking applies to all devices used to read emails

Example compliant wording

We use tracking pixels to detect when you open our emails.
This allows us to analyze performance and personalize our communications.
Tracking applies regardless of the device used to read emails.

 

Recommendation 4 — Consent must be specific (no “all-in-one” consent)

There can NOT be one checkbox covering:

  • Marketing
  • Profiling
  • Tracking
  • Cross-channel targeting

There needs to be a separate consent per purpose OR clear grouping of closely related purposes only.

 

Recommendation 5 — Store proof of consent

You must be able to demonstrate:

  • Which email address gave consent
  • When it happened
  • How it was obtained
  • For which purposes

 

Recommendation 6 — Withdrawal of consent must be easy

Every tracked email should contain a footer link to manage email tracking preferences. The link must be:

  • Unique per recipient
  • Allows withdrawal in one click
  • Does NOT require entering the email address again

When consent is withdrawn, tracking pixels must be disabled for future emails and previously sent emails must no longer exploit tracking data.