Tracking pixels meaning

On 7 October 2024, following a public consultation, the EDPB adopted the final version of ‘Guidelines 2/2023 on the technical scope of Article 5(3) of the ePrivacy Directive’—often referred to as the ‘cookie rule’ (the Guidelines). The authors previously reviewed the first draft in December 2023 (see News Analysis: EU—New EDPB guidelines on the scope of the ‘cookie rule’). Only limited differences separate that draft from the endorsed text. The EDPB still pursues an extremely expansive interpretation of the cookie rule, with most amendments simply providing clarification. This piece outlines the substance of the Guidelines and offers brief observations on their practical implications. Background It has long been accepted that conventional internet cookies engage the cookie rule. With newer tracking approaches—such as pixels, URL tracking and JavaScript code—emerging, the EDPB sought to dispel potential ambiguities. The Guidelines concentrate on a technical assessment of the scope of Article 5(3) of the ePrivacy Directive. They do not examine the circumstances in which an operation could fall within an exemption...

In this issue: Data Protection and cybersecurity Sanctions Other Practice Compliance updates this week Daily and weekly news alerts New and updated content Data Protection and cybersecurity ICO dispels myths on storage and access technologies The Information Commissioner’s Office (ICO) has addressed widespread misconceptions about how the Privacy and Electronic Communications Regulations (PECR) apply to storage and access technologies, including cookies, tracking pixels and device fingerprinting. It confirmed PECR is not confined to personal data, that what is ‘strictly necessary’ must be judged from the user’s viewpoint, and that consent is required for purposes that are not exempt. The ICO also indicated that a draft impact assessment has been issued and will be finalised after consultation. See: LNB News 12/09/2025 26. EDPB opens consultation on draft guidance on the DSA–GDPR interplay The European Data Protection Board (EDPB) has launched a public consultation on draft Guidelines 3/2025, which explain how the EU Digital Services...

In this issue: Data protection Financial sanctions AML, CTF & counter-proliferation financing Other financial crime Cybersecurity LexTalk®Risk & Compliance: a Lexis®Nexis community Daily and weekly news alerts Trackers New and updated content Data protection ICO launches consultation on revised cookies and tracking guidance The Information Commissioner’s Office has opened a consultation on a new chapter within its refreshed guidance on storage and access technologies, prompted by the Data (Use and Access) Act 2025. Covering cookies, tracking pixels and comparable tools, the chapter explains how consent must be obtained under PECR and the UK GDPR. Feedback is invited until 26 September 2025 to ensure the final text effectively supports compliance. See: LNB News 09/07/2025 48. Financial sanctions HMRC announces record compound settlement for Russian sanctions breach HMRC has finalised its largest compound settlement for a Russia sanctions contravention, with a UK exporter paying £1.16m in May 2025. The penalty relates to breaches...

This Practice Note This Practice Note offers practical advice on direct marketing, with an emphasis on meeting the requirements of the United Kingdom General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003). It addresses telephone and postal marketing, email activity, and other forms of electronic mail marketing. It also clarifies when checks against the Mailing Preference Service (MPS) or the Telephone Preference Service (TPS) are necessary. Drawing on ICO direction, it considers service messages, refer-a-friend promotions, regulatory communications, market research (including ‘sugging’—selling under the guise of research), tracking pixels, marketing databases, suppression lists and preference centres. The core difficulty with direct marketing is working out how the UK GDPR and PECR 2003 interlock; what you may do depends on your chosen tactics and the audience you are targeting. For a quick guide to whether consent is needed, see: Direct marketing decision tree—email and other electronic mail marketing—data protection Direct marketing decision tree—live telephone calls—data protection...

STOP PRESS This Practice Note reflects the present legislative landscape; however, be aware that some aspects will be affected by the Digital Omnibus proposals issued on 19 November 2025 under the Commission’s ‘simplification’ programme. For further details, see Practice Note: EU Digital Omnibus—tracker. This Practice Note explores the law governing the use of cookies and related technologies in the EU, covering the following: Types of cookies and related technologies ePrivacy Directive and cookies Responsibility for compliance Consent Clear and comprehensive information Exemptions EU GDPR and cookies Territorial scope Intranets Sanctions and enforcement Cookie audits Reform Resources and guidance Cookies are small data files placed on a user’s computer, phone or tablet. They enable an online service, such as a website, to recognise an individual user and retain particular information about them, such as login credentials, the contents of shopping baskets and site preferences. They are also widely used to direct advertising...

This How-to guide offers high-level, practical direction on direct marketing, with a particular emphasis on complying with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003). Further detail is set out in Practice Note: Direct marketing compliance. The guide outlines principal obligations for telephone marketing, postal marketing, email marketing and other electronic mail direct marketing. It also highlights the requirement to screen against the Mailing Preference Service or the Telephone Preference Service (TPS). The guide incorporates direct marketing advice issued by the Information Commissioner’s Office (ICO) on service messages, refer-a-friend initiatives, regulatory communications, market research including selling under the guise of research (sugging), tracking pixels, marketing lists, suppression lists and preference centres. It reflects the ICO’s: Direct marketing guidance, and Guidance on direct marketing using live calls and Guidance on direct marketing using electronic mail Understanding the law Any direct marketing activity that uses personal data falls within the data protection...