Italy issues guidelines requiring consent for email tracking pixels

Italy’s data protection authority, Garante per la Protezione dei Dati Personali, has published guidelines regulating the use of tracking pixels in email communications.

Tracking pixels are small, often invisible images embedded in emails that notify the sender when a message is opened. They can also collect information such as the recipient’s IP address, device type, and the time the email was accessed.

Under the new guidelines, organisations must clearly inform recipients about the use of tracking pixels and obtain their consent before using them. Users must also be able to withdraw consent easily, without losing access to email communications.

The authority recognises limited exceptions, including the use of tracking for aggregated statistics, certain security functions, and essential communications such as fraud alerts or contractual notices.

Organisations have six months from the publication of the guidelines on 17 April 2026 to comply with the new requirements.

The measure addresses concerns about transparency and user control in digital communications, particularly where monitoring technologies operate without users’ awareness.