User Guide: Managing Consent for Email Open Tracking in Selligent

Why consent for email open tracking is important

Email open tracking is commonly implemented using a tracking pixel embedded in email content. When an email is opened, this pixel is loaded and sends information back to the platform, allowing organizations to measure engagement. Through this pixel you are able to identify the recipient, observe, and store their behavior.

Data protection laws and rules, such as the French data protection authority (CNIL), impose that individual (user‑level) email open tracking requires consent.

Personal open tracking implies:

  • user identifiers in the pixel
  • opens tracked per individual
  • usage for profiling, segmentation and optimization

As a result, organizations must:

  • Inform users about email open tracking, for which specific purposes it is used and by whom.
  • Collect consent when individualized tracking is used.
  • Provide a way for users to opt out. Users must be able to withdraw consent at any time.
  • Keep proof that consent was given.

There are some use cases that are exempt from consent. Consent is not required:

  • When pixels are strictly necessary for security or authentication purposes.
  • When pixels are used exclusively for deliverability, under strict conditions (limited data, minimization, emails requested by the user, etc.).
  • For transactional messages. (For example, when a customer buys an item in an online store, this action can trigger a transactional email that supports the purchase process, such as an order confirmation or invoice.)

Examples:
- Open tracking to identify inactive recipients and stop sending emails to them does not require consent, but tracking data is limited to the last open date.
- Measuring open rates to optimize campaigns requires consent.
- Profiling users for use in other channels requires consent.

Below is an overview of when consent is required under the French regulations that take effect on July 14.

Situation Tracking pixel Action
No prior consent NO Ask consent first via non-tracked email.
Consent collected at signup
YES
Respected the purposes stated in the consent form.
Deliverability only YES No consent is required. Only the last open date can be stored.
Consent withdrawal NO Disable tracking immediately.

This guidance applies primarily to open tracking via pixels. Click tracking is not in scope.

 

Solution provided in Selligent to manage consent for email open tracking

Note: This feature is available on request, through a Support ticket.

To support email open tracking consent, Selligent introduces a solution for personal tracking.

Storage table for user preferences

Selligent provides a system table (SIM_USER_PREFERENCES) to store privacy and consent information for users.
This table collects:

  • LISTID (integer) — The Audience List of which the linked user record is part of.
  • USERID (bigint) — The profile ID of the linked user. (Corresponding the ID field of the Audience List.)
  • BRANDID (uniqueidentifier) — The Brand or Business unit ID, mapped to the OP_BRANDS table. This allows different consent states to exist for the same contact across different Business units.

    Note:Campaign does not use Business units. For Campaign, you can set BRANDID to the zero GUID: 00000000-0000-0000-0000-000000000000.

  • OPTIN_VIEWTRACKING (bit) — Opt-in value for open tracking. Consent given=1, while no consent=Null or 0. The default value is 0, until the user gives their explicit consent.
  • CREATED_DT (datetime) — The date and time on which the user preference record has been created. (This is the moment when the user gave or withheld consent.)
  • MODIFIED_DT (datetime) — The date and time on which the user preference record has last been modified. (For example, initially the user gave consent, and later on they revoked consent.)

Individual tracking only occurs when a user preference record is created.

Note: The SIM_USER_PREFERENCES table is not accessible directly from the Lists chapter within Selligent. It can only be accessed from the Data Explorer.

Tracking behavior when the feature is activated

When the feature is activated:

  • Personal tracking is allowed when consent is present. Identifiers are available in the tracking pixel.
  • No tracking is happening when consent is missing or withdrawn. In this case:
    • There are no user‑level identifiers in the pixel.
    • No user‑level open data is stored.

When a user opts out of personal email open tracking, or when consent is not present:

  • Individual open tracking is disabled.
  • No tracking pixel is being processed.
  • No user‑level open data is stored or linked.
  • Email delivery is not impacted.

 

Impact of email open tracking consent management on reporting

When open tracking is disabled:

  • Email opens are not recorded.
  • Clicks are still recorded.

As a result:

  • Open rates may decrease or be unavailable.
  • Clicks are treated as implicit opens.
  • Click‑through rates will not exceed 100%.

 

What customers need to do now

To implement email open tracking correctly, customers should follow these steps:

Step 1 – Inform users

Update privacy notices and preference centers to clearly explain:

  • Email open tracking is used.
  • The purpose of this tracking.
  • How users can opt out of open tracking.

Step 2 – Prepare your data model

Use the SIM_USER_PREFERENCES table to store tracking consent.

Note: The SIM_USER_PREFERENCES table is not accessible directly from the Lists chapter within Selligent. It can only be accessed from the Data Explorer.

Step 3 – Manage existing users (if applicable)

If you have a valid legal basis (e.g. previously collected consent), you may enable tracking for existing users.

Step 4 – Update marketing and consent flows

Align your preference centers, opt‑in / opt‑out mechanisms, and data loaders and integrations to ensure privacy choices are consistently applied.

Make sure to explicitly mention that if contacts do not respond before a specific date, their consent is recorded as given.

 

Collect consent

How to view consent

If you have the Data Explorer access permission, you can view consent data in the SIM_USER_PREFERENCES in the Data Explorer.

Copy

Example:

SELECT top 10 *
FROM dbo.SIM_USER_PREFERENCES

How to update consent

Consent can be updated by:

  1. Using a Data Component in a Custom Journey.

In the Data Component properties, select SYS_USER_PREFERENCES.OPTIN_VIEWTRACKING (where SYS_USER_PREFERENCES is the scope and OPTIN_VIEWTRACKING is the field) and set the field value to 1 (=consent) or 0 (=no consent).

Technical note: This field corresponds to the OPTIN_VIEWTRACKING field in the SIM_USER_PREFERENCES table being used in the backend.

  1. Using a Data Import in the Data Exchange chapter of Selligent.

While defining the field matching in the Data Import setup, select SYS_USER_PREFERENCES as scope.

Then select OPTIN_VIEWTRACKING as field.

  1. Using Stored Procedures for bulk updates and integrations.
Copy
Example:
-- This MERGE SQL statement performs an upsert on SIM_USER_PREFERENCES.
-- It updates an existing preference record if one already exists,
-- or inserts a new record if it does not exist yet.

-- The keys used to identify the preference row are:
-- USERID=1234, LISTID=5678, BRANDID=550E8400-E29B-41D4-A716-446655440000

MERGE SIM_USER_PREFERENCES AS UP
-- Define the source data.
-- This creates one temporary row with the values we want to apply.
USING
    (SELECT
        1234 AS USERID,
        5678 AS LISTID,
        '550E8400-E29B-41D4-A716-446655440000' AS BRANDID,                
        1 AS OPTIN_VIEWTRACKING        -- 1 = Consent given
    ) AS SRC
-- Match the source row to an existing row in SIM_USER_PREFERENCES.
-- A row is considered the same preference record only when USERID,
-- LISTID, and BRANDID all match.
ON UP.[USERID] = SRC.[USERID]
AND UP.[LISTID] = SRC.[LISTID]
-- Convert the source BRANDID text value into a uniqueidentifier
-- so it can be compared correctly with the BRANDID field in the table.
AND UP.[BRANDID] = CONVERT(uniqueidentifier, SRC.[BRANDID])
-- If a matching row already exists, update that row.
WHEN MATCHED THEN
UPDATE
SET
    -- Update the view tracking preference to the value from the source row.
    UP.OPTIN_VIEWTRACKING=SRC.OPTIN_VIEWTRACKING,
    -- Record the date and time when the existing preference was changed.
    UP.MODIFIED_DT=GETDATE()
-- If no matching row exists, insert a new preference row.    
WHEN NOT MATCHED THEN
INSERT (
    USERID,
    LISTID,
    BRANDID,
    OPTIN_VIEWTRACKING,
    CREATED_DT
)
VALUES (
    SRC.USERID,
    SRC.LISTID,
    SRC.BRANDID,
    SRC.OPTIN_VIEWTRACKING,
    GETDATE()        -- The date and time when the preference row was created.
);

 

Recommendations on consent collection and management to comply with the data protection rules

Following recommendations are based on the CNIL regulations applicable in France.

Recommendation 1 — Collect consent when the email address is collected (BEST practice)

This is the clearest method. How to do it (very concretely)

When a user enters their email address (signup form, account creation, newsletter form):

  • Add a dedicated consent checkbox (not pre-checked)
  • Explain clearly that tracking pixels will be used
  • State the exact purposes
  • Link to detailed information

Example:

☐ I agree that [Company name] may use tracking pixels in emails to:

measure email opening,
personalize content and sending frequency.

Learn more about email tracking (link to privacy / tracking policy)

Why this is compliant

  • Consent is prior to tracking
  • The user understands what will happen later
  • The link between email address and tracking is explicit

Recommendation 2 — If consent was NOT collected initially

This happens often with legacy databases.

The absolute rule is that you cannot send a tracked email to ask for consent.

Correct execution (step by step):

Step 1 — Send a non-tracked email

  • No tracking pixel
  • No hidden tracking on images or links
  • Plain email only

Step 2 — Include a secure consent link in the email

The link must:

  • Be unique per recipient
  • Lead to a page where the user actively confirms their choice

Example email text:

We would like your permission to use email tracking to improve our communications.
[Manage my email tracking preferences]

If the recipient clicks the link, this is considered as giving consent. Consent requires an explicit action on the page.

Step 3 — Consent page behavior

On the page:

  • Explain the tracking purposes
  • Require an explicit action (button click)

Example:

Email tracking preferences

☐ I agree to the use of tracking pixels in emails for:

campaign performance measurement
content personalization

[Accept] [Refuse]

When there is no scrolling or inactivity, this implies refusal. The decision is stored and logged.

Recommendation 3 — What information MUST be shown when asking for consent

Whenever consent is requested (form or page), the user must clearly understand:

Mandatory elements

  • Who places the tracking pixel
  • What data is collected (email opening, date, device info, etc.)
  • Why it is collected (specific purposes)
  • That tracking applies to all devices used to read emails

Example compliant wording:

We use tracking pixels to detect when you open our emails.
This allows us to analyze performance and personalize our communications.
Tracking applies regardless of the device used to read emails.

Recommendation 4 — Consent must be specific (no “all-in-one” consent)

There can NOT be one checkbox covering:

  • Marketing
  • Profiling
  • Tracking
  • Cross-channel targeting

There needs to be a separate consent per purpose OR clear grouping of closely related purposes only.

Recommendation 5 — Store proof of consent

You must be able to demonstrate:

  • Which email address gave consent
  • When it happened
  • How it was obtained
  • For which purposes

Recommendation 6 — Withdrawal of consent must be easy

Every tracked email should contain a footer link to manage email tracking preferences. The link must be:

  • Unique per recipient
  • Allows withdrawal in one click
  • Does NOT require entering the email address again

When consent is withdrawn, tracking pixels must be disabled for future emails and previously sent emails must no longer exploit tracking data.

 

Note: Do you have any questions? Have a look at the FAQ section.