Norway DPA Finds Websites Using Tracking Pixels Breached Privacy Law
Inspections of six websites' use of tracking pixels found that the sites illegally shared visitors' personal information with third parties, including, in some cases, sensitive information, the Norwegian Data Protection Authority (DPA) said Thursday. It fined one website more than $25,000 (250,000 kroner).
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Tracking pixels automatically send information to a third party about those who visit a website or app, the DPA noted. This can include information about which web pages users are visiting and what they're doing, such as items they are putting in their shopping cart.
The websites ranged from an online pharmacy and one that provides counseling for children with a parent in prison, to a Christian site that publishes biblical texts and sites that offer medical services and information about diseases and diagnoses.
Inspections uncovered practices that were out of compliance with privacy laws, the DPA said. Among other things, visitors were told they were anonymous when they weren't, and personal information about children was illegally made available to third parties. Some visitors were "nudged" to provide consent, or given information that was misleading, difficult to understand, or didn't explain the consequences of giving consent.
Besides the privacy breaches, the watchdog said it also found that websites were unaware of how the technology works.
This round of inspections was mainly to raise awareness about the use of tracking pixels on websites, so most of the websites merely received warnings. In the future, the DPA warned, "the reactions may be much stricter."