The Office of the Australian Information Commissioner recently issued practical guidance on how to deploy tracking technologies (pixels) in a privacy compliant manner under the Australian Privacy Law.

This can serve as a helpful guide for our U.S.-based clients too.

Before entering into a contract with a third-party pixel provider:

  • Conduct a privacy impact assessment
  • Review the terms of the agreement to understand its obligations and make sure the third party has appropriate processes in place to protect personal information and comply with any obligations it has under the Privacy Act

Before deploying the pixels:

  • Ensure the collection of personal information for the purposes of pixel usage is is reasonably necessary for your organisation’s functions or activities. This is the case where a reasonable person who is properly informed would agree that the collection is necessary. A key factor in determining whether a collection of personal information is reasonably necessary for a function or activity includes whether the entity could undertake the function or activity without collecting that personal information, or by collecting a lesser amount of personal information
  • Identify the types of data that will be collected by the pixel and how it will be used and shared
  • Ensure that pixels are configured to limit the collection of personal information to the minimum amount of personal information that is reasonably necessary in the circumstances
  • Generally seek express opt-in consent from an individual if their sensitive information is likely to be collected and disclosed to third-party platforms through a tracking pixel
  • Be clear and transparent about your use of third-party tracking pixels
  • Only use or disclose personal information for the primary purpose for which it was collected, unless you have consent or can establish the secondary use or disclosure would be reasonably expected by the individual, and is related (or directly related, for sensitive information) to the primary purpose

Throughout the term:

  • Conduct regular reviews of the tracking technologies deployed on your website to ensure they are configured appropriately, and that your ongoing use remains reasonable and necessary in the circumstances.