Tracking Pixels: what the CNIL's new rules change for your emailing strategy

The CNIL is reshaping the rules of email marketing, following the technical developments already initiated by Apple and Gmail.

On April 14, 2026, the CNIL published its definitive recommendation clarifying its position on tracking pixels in emails, particularly those used to measure open rates.

Until now, knowing whether a customer had opened your newsletter was a standard, almost automatic practice. From now on, the CNIL considers the mailbox to be an extension of a person's private life. Scanning what happens inside it via an invisible pixel requires obtaining permission, just as with cookies on a website.

The message is clear: these practices are now subject to strict requirements.

Organizations have a transitional period until July 14, 2026 to bring their practices in line with these rules for their existing databases.

Here is what you need to know about these new rules and, more importantly, how to adapt your email marketing strategy.

A tracking pixel embedded as an invisible image in an email (see example in the screenshot below), can collect information such as:

• the moment the message was opened

• the exact date and time

• the user's IP address

• the type of device and browser used

👉 In other words: behavioral data linked to an identifiable individual. This is precisely why the CNIL classifies them as trackers, on a par with cookies.

Previously, open tracking was often included by default in general terms and conditions. The CNIL now considers that the use of tracking pixels for marketing purposes relies, in most cases, on obtaining prior, freely given, specific, and informed consent.

You must clearly inform your users of:

• the existence of tracking,
• the type of data collected,
• the objective (analytics, marketing, etc.)
• the data retention period.

This means that:

• subscribing to a newsletter is no longer sufficient,
• tracking can no longer be implicit,
• users must understand what they are agreeing to.

A user must be able to refuse tracking while continuing to receive your emails. Conditioning access to your content on acceptance of tracking is therefore not permitted.

You should ensure that your email footers offer users granular choices as illustrated below: "You are receiving this email because you subscribed to our news. If you no longer wish to receive our communications, you can unsubscribe here.
To continue receiving our emails while blocking the statistical analysis of your interactions, you can disable open tracking here."

• Running your campaigns based solely on open rates.

• Segmenting your audience based on opens.

• Applying individual tracking without explicit consent.

Note: keep in mind that open rate tracking is is often inaccurate anyway. It faces underreporting due to privacy restrictions (like Apple Mail Privacy Protection) and overreporting due to AI tools automatically "opening" emails for content analysis.

• Click rates (often better justified)

• Actual conversions

• Declared data (user preferences)

• Aggregated and anonymized analytics

In short: we are shifting from invisible tracking to genuine engagement.

Don't panic: the end of automatic tracking is not the end of email marketing. It is an opportunity to move from surveillance-based marketing to relevance-based marketing.

Add a separate consent option to your sign-up forms. Decouple newsletter subscription from tracking consent. Also make sure that your various lead generation forms clearly link to an updated Privacy Policy that meets 2026 standards.

Since behavioral tracking is becoming more complex, ask your users directly what they like! This can be done, for example, by incorporating surveys, preference centers, or voting buttons into your emails. This kind of data is far more reliable than an email open.

Shift from "technical" metrics to "business" metrics:

• Click-through rate (CTR): still the strongest indicator of engagement. It works across all email content, including buttons and headings.

• Conversion rate: the final action completed on your website.

• Real engagement: a sign of the health of your audience.

Avoid automations based solely on opens. Favor more reliable triggers such as clicks, actions, and preferences.

At JustRelate, we have already anticipated these developments to ensure that technical constraints never stand in the way of your compliance.

1. Flexible tracking pixel configuration: you can now enable or disable the tracking pixel based on segments of your database (those who have consented vs. those who have not).
   
   
2. Consent-free web analytics: our Home marketing hub integrates a tracking solution that is exempt from consent requirements, while fully complying with CNIL standards. This allows you to track all email clicks as well as on-site engagement and conversions — with no data loss or consent-related distortions. Find out here why JustRelate etracker is exempt from the consent obligation.

These new CNIL rules are accelerating the transition toward transparent, quality-driven marketing. While the restriction on tracking pixels presents a challenge for strategies built around offline CTAs, it gives omnichannel brands the opportunity to enrich their analysis by combining email KPIs with web analytics data.

This is at the heart of what JustRelate offers: you no longer have to choose between compliance (GDPR/French Data Protection Act) and a data-driven approach. You have reliable data to keep optimizing customer engagement across all your channels, fully within the law.

Have questions about bringing your campaigns into compliance?

Our experts are here to help you get the most out of our tools. Request your free consent audit