
Managing email tracking consent (ePrivacy / GDPR / CNIL)

This article explains where the rule comes from and how to run a compliant tracking-consent workflow in Apsis One, from capturing the preference to sending tracked and untracked versions of the same email.


Where the rule comes from

The requirement to get consent before tracking does not come from the GDPR directly — it comes from the ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC), often nicknamed the "Cookie Law."

The two pieces of law work together:

  • ePrivacy says you must get consent before storing or accessing information on a user's device. That covers cookies — and it covers the tracking pixels and tagged links used in email open and click tracking.

  • GDPR sets the bar for what counts as valid consent: it must be freely given, specific, informed, and unambiguous.

So the obligation to ask comes from ePrivacy, and the standard the consent has to meet comes from GDPR.

💡 What about CNIL? CNIL is the French data protection authority. It does not create separate rules — it enforces ePrivacy and GDPR in France, and its published guidance has been among the most explicit in stating that email open and click tracking requires prior consent. Other EU/EEA authorities apply the same underlying law.

⚠️ The rules overall haven't changed, but their interpretation and the compliance criteria have. The interpretation and recommendations now also cover email tracking consent, in the same way that consent is needed for tracking with cookies.

For a long time, an ePrivacy Regulation was meant to replace the directive and align it with GDPR, but after years of stalled negotiations the European Commission withdrew the proposal. The withdrawal was confirmed in the Official Journal in October 2025. The ePrivacy Directive remains in force with no replacement on the table.


Create the Tracking attribute (custom)

The whole workflow hangs on a single profile attribute that records whether a profile has consented to tracking.

Create a boolean attribute (TRUE / FALSE) — for example Tracking. The values mean:

  • TRUE = the profile has consented; email tracking is ON.

  • FALSE = the profile has declined; email tracking is OFF.

  • No value (blank) = treated the same as FALSE. No recorded consent means tracking stays OFF.

⚠️ Absence of consent is not consent. Anyone who hasn't actively opted in — i.e. blank or FALSE — should receive the untracked version. Build your segments accordingly (see below).


Import or update your profiles

Set the Tracking value on your existing profiles by importing or bulk-updating them:

  • Set TRUE only on the profiles for whom you hold a record of tracking consent.

  • Leave everyone else blank, or set them to FALSE.

From this point forward, the attribute is your single source of truth for who can be tracked.


Create the Tracking ON and Tracking OFF segments

Create two segments based on the custom attribute:

  • Tracking ON — profiles where Tracking = TRUE.

  • Tracking OFF — profiles where Tracking = FALSE or the attribute has no value. The easiest way is to use the "-" (minus) to create a segment that catches anyone who has any value other than TRUE.

💡 Defining the OFF segment as "FALSE or empty" is what guarantees that profiles with no recorded consent fall safely on the untracked side. Double-check this condition when you build it.


Build the tracked and untracked email versions

Because tracking is a per-send setting, the same message goes out twice — once tracked, once not.

  1. Create your email as normal and get it ready to send. Add a marker to the name so it's unmistakable, e.g. "… – tracking on".

  2. Duplicate the email. In the duplicate, turn tracking off, and mark its name "… – tracking off".

💡 Naming each version explicitly (tracking on / tracking off) prevents the most common mistake here — sending the tracked version to the wrong segment. It also makes the two sends easy to tell apart in reporting.


Schedule each version to the right segment

  • Schedule (send) the tracking on email to the Tracking ON segment.

  • Schedule (send) the tracking off email to the Tracking OFF segment.

Every recipient now gets the same content, tracked only if they've consented.

⚠️ Match each version to its own segment before you confirm the send. The tracked email must never go to the OFF segment.
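
A pre-send check for the rule above, as an added example that is not Apsis One code: it applies the same default-deny reading of the Tracking attribute and flags any recipient on the tracked send who has no recorded consent. The export layout (`email` and `Tracking` columns), the recipient lists, and all function names are assumptions made for this example.

```python
import csv
import io

# Constructed sample export; the column names "email" and "Tracking" are
# assumptions for this example, not a documented Apsis One export format.
SAMPLE_EXPORT = """email,Tracking
anna@example.com,TRUE
ben@example.com,FALSE
cara@example.com,
dev@example.com,true
eli@example.com,yes
"""


def has_consent(value):
    """Default-deny: only an explicit TRUE counts; blank or anything else is OFF."""
    return (value or "").strip().upper() == "TRUE"


def load_consent(export_text):
    """Map each email (lower-cased) to its consent decision."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["email"].strip().lower(): has_consent(r.get("Tracking")) for r in rows}


def audit_send_plan(consent, tracked_list, untracked_list):
    """Return problems that should block the send, keyed by type."""
    tracked = {e.strip().lower() for e in tracked_list}
    untracked = {e.strip().lower() for e in untracked_list}
    consenting = {e for e, ok in consent.items() if ok}
    return {
        # Tracked mail without consent; unknown addresses are also denied.
        "tracked_without_consent": sorted(tracked - consenting),
        # The same profile would receive the message twice.
        "in_both_sends": sorted(tracked & untracked),
        # The profile falls through both segments and receives nothing.
        "in_neither_send": sorted(set(consent) - tracked - untracked),
    }


def check_sample():
    consent = load_consent(SAMPLE_EXPORT)
    # Constructed recipient lists: cara (blank) was wrongly put on the tracked send.
    tracked = ["anna@example.com", "dev@example.com", "cara@example.com"]
    untracked = ["ben@example.com", "cara@example.com"]
    return audit_send_plan(consent, tracked, untracked)
```

Any non-empty `tracked_without_consent` list is a reason to stop and fix the segment before confirming the send.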


Let profiles manage their own preference

To keep consent current without manual updates, give profiles a way to set their own preference:

  1. Create a form with a checkbox that updates the Tracking attribute.

  2. Add a link to that form in every email going forward, with the checkbox prefilled to reflect the profile's current value.

From then on, your profiles can actively update their tracking preference from any email they receive — and the attribute, segments, and future sends all follow automatically.

💡 Prefilling the checkbox means the form shows each profile their current choice rather than a blank default, which makes the update feel like a setting they're confirming rather than starting from scratch.

In the form, create a checkbox or radio button and link it to your Tracking attribute.

Ensure you write a good message for anyone submitting the form from your email.

In the email, link to the form and check the box for a prefilled form.

The data update will show on the profile as both the submit event and an update to the attribute.


What can't be turned off

Two types of tracking remain active regardless of the Tracking attribute:

  • Form tracking

  • Unsubscribe tracking

These are necessary for the form and unsubscribe mechanisms to function, so they cannot be disabled per send.

⚠️ Form tracking and unsubscribe tracking remain active regardless of consent — this is permitted because these links are exempt from Article 82 as strictly necessary for the service requested by the user. The data collected should not be used for personalization.


Doing this in Marketing Automation

If your emails go out from a Marketing Automation flow rather than as one-off sends, you apply the same logic — but instead of two segments, you split the flow with a Check profile node and send the matching email version down each branch.

The principle is unchanged: every profile gets the same content, tracked only if they've consented.

  1. At the point in your flow where the email should go out, add a Check profile node before the email.

  2. Set its condition to check the Tracking attribute: Tracking = TRUE.

  3. On the TRUE (matches) branch, add an Email node with the tracking on version of the email.

  4. On the FALSE (doesn't match) branch, add an Email node with the tracking off version — the duplicate where you turned tracking off.

⚠️ The "doesn't match" branch must catch both FALSE and blank profiles, so that anyone without recorded consent receives the untracked version. A single "Tracking = TRUE" check handles this automatically: anything that isn't TRUE — including no value — flows down the doesn't-match branch.

💡 Use the same naming convention as for manual sends — "… – tracking on" and "… – tracking off" — so it's obvious at a glance which email is mapped to which branch, and which version you're looking at in reporting.

💡 You only need one Check profile node per email step. If your flow sends several emails, repeat the split at each send point, because consent can be added or removed while the flow is running.


What's coming: a built-in solution (late 2026)

The workflow above is what's available today — a reliable way to honour tracking consent using attributes, segments, and paired email versions. Alongside it, we're building a native tracking-consent solution directly into Apsis One, expected to roll out towards the end of 2026. It's designed to remove the manual steps so consent is handled automatically at send time.

Here's what we're working towards:

  • Consent stored per profile, per section — each profile carries its own tracking-consent value, with a companion "last active" date you can segment on.

  • Automatic link tracking removal — when you send an email, link tracking is stripped automatically for profiles without consent. The pixel still loads to register whether the email was opened, but for non-consenting profiles we only record that they were active (opened / loaded the pixel), nothing more.

  • Consent respected after send — if a profile withdraws tracking consent after an email has gone out, their clicks are no longer recorded.

  • Opt-out validation — Apsis One will check that your emails include a tracking opt-out, in the same way unsubscribe links are validated today.

  • A designable preference page — just like the double opt-in (DOI) page, you'll be able to design your own tracking-consent page in Settings — effectively a "toggle your tracking preference" page profiles can manage themselves.

  • Flexible consent in forms — you'll be able to capture tracking consent together with terms & conditions acceptance, or as its own separate checkbox, whichever suits your form.

💡 Until this lands, the attribute-and-segment workflow above is the recommended way to stay compliant. When the native solution is available, we'll publish a new guide so you can move across smoothly.


