We would like to follow up on the activities of our Privacy Roundtable, so as to keep you in the loop. As we mentioned in January, we created the “Sankt Galler Privacy Interaction Framework” (short: SG-PIF) – an interdisciplinary approach to analyze current and future privacy issues. One phenomenon that caught our eye was email tracking.
According to a study by researchers from the Humboldt University Berlin, email tracking technologies are commonly employed. These tracking elements are integrated into emails and are generally not noticeable by the recipient of an email. Once the email with the tracking element is opened, the sender receives information about when, where and with what kind of end device the email was read. This information, combined with the email address, often containing individuals’ real names, enables companies that send newsletters, booking confirmations, or similar emails, to find out where users are actually reading the email.
Such email tracking practices by companies are not visible for individual users. It’s difficult to grasp the invisible tracking technologies that “crawl” into our inboxes. Consequently, various questions arise with respect to such practices: Is it socially acceptable that emails contain tracking technologies? Should companies be required to display such practices more clearly? Are or should such practices even be legal?
The SG-PIF provides some guidance on how to systematize and analyze the different perspectives and interests in such a scenario. We argue that as a first step, we have to divide the perspectives into four distinct levels. Putting the individual at the center of discourse, we begin with the micro-level which includes citizens and users. The second level is the so-called meso-level which focuses on society. The third level is called the exo-level encompassing companies, and the fourth is the macro-level focusing on the government and the law. In the case of email tracking, the micro-level covers aspects such as users’ privacy concerns (does the individual care about email tracking?), privacy literacy (does the individual know about email tracking?) and their privacy behavior (does the individual change his/her behavior once he/she knows that he/she is being tracked?). The meso-level refers to cultural differences in privacy, investigating, for example, how different countries’ or social groups’ (internet cultures and milieus) perceive email tracking differently. The exo-level entails the organizations responsible for the tracking, i.e., email service providers and email sending companies, as well as opposing civil rights groups, such as “Anonymous”. Finally, the macro-level covers the government’s stance towards email tracking and its legislation to ban or foster it.
In a second step, we analyze how the different levels interact with one another. Applied to the case of email tracking this leads to the following table:
| Society | Organization | State | |
|---|---|---|---|
| Individual | What are the underlying values and,norms when it comes to privacy of emails (or mail)? What do the individual and society expect? Is an email understood as a sealed message or is the tracking accepted? | What constitutes a breach of trust? How transparent are such tracking technologies? What is their use (both for companies and for individuals)? | Does one expect that legislation(consumer protection laws) protect individuals from such tracking? |
| Organization | Responsibility of companies’ towards society? | – | Accountability of companies? Sanction mechanisms? |
| State | How does legislation on email tracking, – and internet tracking in general – differ between countries? How does the political system encourage or discourage such tracking? | – | – |
