What Your Website Knows About Your Customers

Most businesses know they have cookies on their website quietly collecting information in the background.

‍The Office of the Australian Information Commissioner's recent article, Your life, pixelated: how tracking pixels watch your every click, shines a light on something that has become so normal in the digital world that many organisations barely notice it anymore. Tiny pieces of code embedded in websites that observe what people do, where they go, what they click on, what they buy, and sometimes much more. Furthermore, they have recently made two separate determinations about interference with privacy through data collected via third-party tracking pixels.

Tracking pixels have been part of digital marketing for years. They help organisations understand what campaigns are working, which advertisements generate engagement, and how customers move through websites. They have become a standard part of the modern marketing toolkit. In fact, studies have found that invisible tracking pixels are present on more than 94% of websites, while almost half of all websites use Meta Pixel alone.

However, often privacy questions aren't asked before the pixels are added. It is common for pixels to be added because an agency recommended them. A marketing platform needed them. A plugin installed them automatically. A campaign required them. Over time, websites accumulate layers of tracking technology, often without anyone stepping back to understand exactly what information is being collected and where it is going.‍

The moment data leaves your website and enters somebody else's ecosystem, you don't get to outsource responsibility along with it. One of the key messages in the OAIC's guidance is that privacy accountability remains with the organisation collecting the information. Organisations deploying tracking pixels should understand what information is being collected, ensure collection is necessary, and be transparent about how that information is used.‍ ‍

A tracking pixel doesn't need to be malicious to create a privacy issue. It simply needs to collect more information than people reasonably expect. That's where trust starts to enter the conversation.‍ Most people understand that websites collect some information about their activity. They understand that online advertising exists. What creates discomfort is when the extent of the tracking becomes visible. When advertisements seem to follow them around the internet. When information they never consciously shared appears to have travelled further than they anticipated. When personalisation begins to feel less helpful and more intrusive.

‍The public's discomfort with online tracking is hardly a fringe concern. Research consistently shows that around 80% of consumers are concerned about online tracking, and privacy-focused changes such as Apple's App Tracking Transparency saw the overwhelming majority of users choose to opt out when given the opportunity. ‍Customers rarely describe this as a privacy compliance issue. They describe it as an icky feeling. A feeling that somebody knows more about them than they expected. A feeling that they are being watched. Once that feeling takes hold, trust becomes much harder to rebuild than compliance.

‍The organisations that are responding well to this shift are not necessarily removing every tracking technology from their websites. Instead, they know what technologies are running on their websites. They understand what information those tools collect. They can explain why the collection is necessary. They review vendors regularly. They challenge assumptions. They ask whether every piece of data being captured is genuinely required to achieve the outcome they're seeking.