OAIC Issues Guidance on Tracking Pixels and Privacy Compliance
The guidance responds to growing demand from industry, government, and the public for clarity on how tracking technologies align with privacy obligations. Tracking pixels, often offered by social media companies and digital platforms, are small pieces of code placed on websites to gather user activity data, which is then sent to third-party servers.
While tracking pixels and similar tools, such as cookies, are widely used for analytics, advertising, and measuring business performance, they also pose significant privacy risks. Australian Privacy Commissioner Carly Kind highlighted the community's concerns, referencing findings from the 2023 Australian Community Attitudes to Privacy Survey, which revealed that 69% of adults opposed the use of personal data for online tracking and targeted advertising, with opposition rising to 89% when children were targeted. The Commissioner described many tracking tools as "harmful, invasive, and corrosive of online privacy."
The OAIC's guidance emphasises that organisations using tracking pixels must understand their functionality, assess privacy risks, and implement measures to ensure compliance with the Privacy Act. A ‘set and forget’ approach is not acceptable, and failing to perform due diligence could result in privacy breaches and legal risks. This initiative aligns with the OAIC's broader efforts, including guidance on generative AI, to support businesses in meeting privacy obligations while fostering community trust.