Note
This feature is being rolled out in mid-July. This page is provided in advance so you can understand what is changing and prepare. The step-by-step guides and API reference will be linked here as the feature goes live.
Purpose and Scope
Email Tracking Consent is a contact-level mechanism that records whether a contact has consented to having their email opens and clicks tracked, and applies or suppresses tracking accordingly.
The consent state is stored on the contact as a profile attribute and is evaluated when an email tracking event (open or click) occurs. This gives you a single, contact-level source of truth for tracking consent across your messages. The model applies to the email channel and is relevant wherever email open and click tracking may require the recipient's consent.
Background
Email tracking — the pixel that registers an open and the link rewriting that registers a click — is treated more strictly in some markets than in others. In some markets — for example France and Italy — the supervisory authorities take the position that this kind of tracking can require the recipient's prior consent, comparable to how cookies are handled.
Whether this applies to you, and to what extent, depends on who you send to and on the legal basis you rely on. This page describes the tooling Mapp provides; assessing your own obligations is your responsibility as the data controller.
Control Mechanism: the tracking_consent Attribute
The processing of email tracking for a contact is determined by the tracking_consent profile attribute. It supports four states.
State | Meaning |
|---|---|
Granted | The contact has consented. Email opens and clicks are tracked normally and attributed to the contact profile. |
Denied | The contact has declined. No tracking pixel is injected, and opens and clicks are not tracked at all — not even in anonymized or aggregated form. The links in the message still function normally for the recipient. |
Withdrawn | The contact has withdrawn a previously given consent. Processed the same way as Denied. |
Unknown | No consent value is stored on the profile. Tracking remains ON by default. This default can be switched off — contact your CSM. |
Behaviour
For messages already sent before a contact declines, the links in those messages cannot be rewritten retroactively. However, when the contact clicks, if their consent is Denied or Withdrawn (and no Tracking Override applies), the tracking is ignored.
Tracking Override
A per-message Tracking Override is available under a message's advanced settings, on create and edit. It is off by default.
When enabled for a message, the Override acts as an enforcement: it forces full open and click tracking for all recipients of that message, regardless of their individual consent state — including contacts who have denied or withdrawn consent. The tracking pixel is injected, with a timestamp, for every recipient of that message. Before enabling it, you confirm on screen that you have a lawful basis for doing so. Mapp does not assess that basis; the responsibility is yours.
The Override is the only mechanism for tracking messages independently of a contact's consent state.
Responsibilities
Mapp provides the tooling: Engage stores the consent value you send and applies or suppresses tracking based on it. You own the data and the legal basis: Mapp stores exactly what you send and does not validate it, so the accuracy of the consent data and the lawfulness of any tracking you carry out are your responsibility as the data controller. Where the product asks you to confirm a lawful basis, that confirmation is yours to make; Mapp does not assess it. If you are unsure whether or how this applies to your sending, consult your own data protection adviser.
Relationship to Anonymized Email Tracking
Engage also offers Anonymized Email Tracking, controlled by the DoNotTrack attribute, which serves a different purpose. Anonymized Email Tracking removes the relation between the tracking data and the individual. Email Tracking Consent governs whether an identified contact's behaviour is linked to email tracking at all. The two address different questions and run in parallel; once a contact's data is anonymized, there is no longer an identifiable person to associate tracking with, and the tracking_consent value becomes moot for that contact. For how anonymization is processed, see Email Tracking – Identifiability Model.
Data Retention
Email open and click tracking data is retained for three calendar years from the point of collection. This is an existing, Engage-wide retention property and is not specific to this feature.
Withdrawing consent stops future tracking; it does not delete tracking data already collected, which is retained under the standard retention policy. If a contact exercises a data subject right such as deletion or anonymization, that is handled separately from consent withdrawal.
Related articles
How-to: setting the tracking_consent attribute (available at release)