The Federal Trade Commission recently took enforcement action against GoodRx[1] and BetterHelp[2], two digital healthcare platforms, for allegedly sharing user health data with third parties for advertising. Both cases highlighted the use of third-party tracking pixels, which enable platforms to amass, analyze, and infer information about user activity.[3] The remedies in GoodRx[4] and BetterHelp[5] include strong provisions like bans that place strict, comprehensive limits on whether and how certain user information may be disclosed for advertising. In GoodRx and BetterHelp, this included a ban on the sharing of health information for any advertising purposes, and the BetterHelp order further bans the disclosure of other personal information for re-targeting.
What is pixel tracking?
Tracking pixels have evolved from tiny, pixel-sized images on web pages for tracking purposes to include a broad range of HTML and JavaScript embedded in web sites (and email).[6] Tracking pixels can be hidden from sight and can track and send all sorts of personal data such as how a user interacts with a web page including specific items a user has purchased or information users have typed within a form while on the site.[7] Businesses often want to use them to track consumer behavior (pageviews, clicks, interactions with ads) and target ads to users who may be more likely to engage or purchase something based on that prior online behavior.[8]
How does it work?
Companies who are interested in pixel tracking must first choose a pixel tracking provider. The provider will then generate a tracking pixel, a small piece of code that will be placed into the website or ad and define their tracking goals such as purchases, clicks, or pageviews. The company will then use some version of a dashboard or interface with the provider to track, test, and refine their settings.
Pixel tracking can be monetized several ways. One way to monetize pixel tracking is for companies to use the tracking data collected to improve the company’s own marketing campaigns. The data can be used to target more specific audiences with ads and other marketing messages. Another is that companies can monetize the data collected by further optimizing their own ad targeting systems and charging other companies to use its advertising offerings.[9]
What are the concerns?
Widespread usage of invisible pixels with no way for consumers to avoid. Traditional controls such as blocking third party cookies may not entirely prevent pixels from collecting and sharing information.[10] Additionally, many consumers may not realize that tracking pixels exist because they’re invisibly embedded within web pages that users might interact with. Pixels are widely considered an industry standard tool, but the GoodRx and BetterHelp examples show that they may collect sensitive data. Academic[11] and public reporting[12] teams have found that thousands of the most visited webpages have pixels and other methods that leak personal information to third parties.
Lack of clarity around data collection and use. With pixels, any type of personal and identifying information can be collected and shared.[13] In fact, information collected from a pixel can be used to identify social media profiles through matching information such as a user’s email address that automatically connect a user to their social media account on the platform if they have one. These third parties are often covert about how they store the data, and in some cases do not know what kinds of information is being tracked and where it is being stored.[14] These interactions may be further complicated by dark patterns and related practices, which may result in consumer confusion or unwanted sharing.[15]
Personal information may not be effectively removed. Some pixel tracking methods ostensibly attempt to remove personal information but may in fact still leak enough information to identify an individual. For instance, some tracking pixels “hash” personal information to scramble personally identifiable information such as names or email,[16] which the FTC has said may be inadequate in some cases, because hashes can be reversed or used to link data across different databases.[17]
Research Questions
Researchers and journalists have played a key role investigating practices and trends in online tracking, including pixel tracking. The FTC’s actions against GoodRx and BetterHelp raise questions for which continued research could prove useful.
- Industry conditions and competitive dynamics. Which pixel providers are particularly competitively significant for various tracking use cases, and how has competition in this industry evolved? How prevalent is pixel tracking relative to other forms of online tracking? What broader impact does pixel tracking have on competitive conditions in online tracking and advertising?
- Consumer harms. What unique consumer harms, financial or otherwise, can result from the use of pixel tracking technologies? How might the harms of pixel tracking technologies differ for certain communities?
- Business rationales. Does data collection from pixel tracking offer business advantages or disadvantages to companies, relative to alternative forms of data collection? What financial impact does pixel tracking have on advertising networks, data brokers, social networks, advertisers, and other parties?
- Data processing, use, and monetization. To what extent do first parties—including companies with diverse businesses practices—internally share data to use for purposes that consumers might not reasonably expect? For parties that obtain data via pixel tracking, what processing do they perform on this data, and how do they use and monetize this data beyond direct ad targeting? Do other platforms that handle sensitive data (e.g., health, financial, location, etc.) make use of third-party tools like pixel tracking in ways that risk exposing that data?
- Data retention and management. What is the minimum data retention period necessary to provide services based on pixel tracking? What are the circumstances that inform retention periods? How do companies keep track of the data they receive from pixels?
Our agency remains committed to protecting consumers and enforcing the law. Companies using tracking pixels that impermissibly disclose an individual’s personal information (which may include health information) to third parties may be violating the FTC Act,[18] the FTC’s Health Breach Notification Rule,[19] the HIPAA Privacy, Security, and Breach Notification Rules,[20] other state or federal statutes involving the disclosure of personal information, and your privacy promises to consumers.As the Office of Technology grows,[21] we will work to ensure the agency continues to be forward thinking and equipped to address and decipher developing technologies and harms.
Thank you to the contributors to this post: FTC Technologists (Joe Calandrino, Varoon Mathur, Aaron Alva, and Stephanie T. Nguyen) and FTC staff across BCP, BC, OPP and OGC (Michael Atleson, Lerone Banks, Manmeet Dhindsa, Peggy Bayer Femenella, Alex Gaynor, Nick Jones, Janice Kopec, Josephine Liu, Ryan Mehm, Kevin Moriarty, Miles Plant, Ronnie Solomon, Mark Suter, Olivier Sylvain, Ben Wiseman, and Erika Wodinsky).
[8] J. Keegan. “Forget Milk and Eggs: Supermarkets Are Having a Fire Sale on Data About You”. The Markup. February 16, 2023.
[10]Disabling cookies might limit the ability of advertisers to track user behavior or capture user information, disabling cookies does not necessarily mean that you have disabled pixel tracking. Pixel tracking can still occur even if cookies are disabled, as tracking pixels do not always rely on cookies to function.
“Most Browser Tracking Protection Doesn’t Actually Stop Tracking by Default, but We Can Help”. DuckDuckGo. March 30, 2021. https://spreadprivacy.com/browser-privacy-protection/
[13]S. Mattu, A. Waller, S. Fondrie-Teitler, and M. Gorelick. “How We Built a Meta Pixel Inspector”. The Markup. April 28, 2022.
[14]L. Franceschi-Bicchierai. “Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document”. Vice. April 26, 2022.
[18](15 U.S.C. Sec. 45(a)(1))
[20](“HIPAA Rules”) (45 CFR Part 160 and 45 CFR Part 164)