The Office of the Australian Information Commissioner (OAIC) unveiled important guidance that outlines the privacy responsibilities of organisations under the Australian Privacy Act regarding the use of third-party tracking pixels on their websites. This initiative tackles the growing demand for transparency regarding the Privacy Act’s relevance to tracking technologies and highlights a rising interest from government entities, media outlets, and the Australian public.
Organisations increasingly use third-party tracking pixels, small pieces of code from external providers, to collect insights on user activities across their websites. When a user accesses a webpage with a tracking pixel, the pixel triggers and sends various data points back to the third-party provider’s server. These tools can enhance business analytics, boost advertising effectiveness, and improve ROI measurement, but they also raise significant privacy concerns.
“Many of these tracking tools are harmful, invasive, and corrosive of online privacy,” stated Australian Privacy Commissioner Carly Kind. The OAIC’s 2023 Australian Community Attitudes to Privacy Survey reveals a significant concern among Australian adults. Sixty-nine percent believe it is neither fair nor reasonable for companies to use their personal information for online tracking, profiling, and targeted advertising. This figure rises to 89% when we look at materials aimed at children.
The OAIC has provided essential directives for organisations planning to implement third-party tracking pixels:
- Understanding the technology: Organisations must thoroughly understand the operational mechanisms of the tracking pixels they plan to implement and identify all potential privacy risks associated with the technology.
- Risk mitigation: It is crucial to take decisive actions to tackle the identified risks. This proactive strategy should supersede any “set-and-forget” mentality regarding tracking technologies.
- Due diligence: Organisations should conduct comprehensive due diligence before deploying any external pixels. Neglecting this responsibility risks compliance with privacy regulations and increases legal risks for organisations.
The OAIC underscores that the deploying organisation must ensure compliance with the Privacy Act. This announcement supports OAIC efforts to enhance privacy safeguards, including recent recommendations on generative AI technologies. It demonstrates a commitment to helping organisations maintain privacy standards and build public trust.
OAIC stresses the need for public sector organisations to prioritise privacy in their operational practices. This approach aligns with community expectations and legislative mandates as the digital landscape evolves.