Skip to main content
Share via Share via Share via Copy link

Tracking pixels: Emerging privacy risks for health and life science providers

01 July 2026
Philip James and Richard Edwards-Earl

The Office of the Australian Information Commissioner’s (OAIC) latest: (i) press release and (ii) accompanying audit report, 'Your Life Pixelated' (Pixel Report) highlights significant privacy risks arising from third party tracking pixels embedded in websites, particularly in sensitive sectors, such as healthcare.

These tools capture granular user activity – URLs, clicks, searches, and even form inputs – and transmit this data to social media platforms, often without users’ knowledge or meaningful consent. The Pixel Report conducted a scan of 50 health service provider websites, representing an array of Australia’s digital landscape in the health sector, including:

  • helpline and mental health services
  • health services for children and young people
  • pharmaceuticals
  • health services including insurance, fertility and abortion.

The OAIC stated:

“Today’s decision establishes that the advanced technology used for tracking and targeted in the online realm still has to be used in compliance with the Privacy Act. That means website providers must obtain consent where they’re using tracking pixels to collect sensitive information, such as data on health, political opinions, race or ethnicity.”

What you need to know

  • 96% of reviewed healthcare websites used tracking technologies, with over half deploying third party pixels. 
  • Most organisations failed to disclose these practices adequately in privacy policies. 
  • Data collected can reveal sensitive information (e.g. health conditions) and may be linked to identifiable individuals. 

Key takeaways

  • “De identified” or hashed data may still constitute personal information under privacy law. 
  • Many organisations lack visibility over deployed tracking tools and associated data flows.  
  • Regulatory expectations are increasing, with enforcement action already underway. 

Practical steps and actions

While the report is released by an Australian regulator, the trend and message for all digital health providers is that regulators in key comparable markets are focusing increasingly on cookies and pixel compliance (including the EU and UK – noting that the report draws upon and even recommends the European Data Protection Board’s (EDPB) website audit tool (as well as certain select third party cookie compliance tools, e.g. Ghostery). Accordingly, expect growing regulatory scrutiny in digital real estate – as international regulators talk and share enforcement and regulatory focus areas more than ever before.

In addition, in the UK (and EU), by way of example, the sanctions for breaches of PECR (the privacy rules governing pixels and associated tracking technologies, including cookies) is now comparable with breaches of GDPR i.e. maximum fines that may be imposed for serious breaches of PECR/privacy rules in the UK and EU are 4% of global annual turnover of the company’s group (combined) or Euro 20m (GBP 17.5m), whichever is the greater. 

Accordingly, it is recommended that organisations:

  • Conduct an immediate audit of tracking technologies and data sharing practices.
  • Implement Data Privacy Impact Assessments (DPIAs) before deploying marketing tools.
  • Update privacy notices to ensure transparency and obtain valid, informed consent.
  • Minimise data collection and avoid sharing sensitive information without explicit consent.
  • Embed “privacy by design” into digital marketing strategies and governance frameworks.

Conclusion

Tracking pixels present material compliance and reputational risks. Proactive governance and transparency are critical to meeting regulatory expectations and maintaining customer trust. If you would like to discuss these wider legal implications of the Pixel Report, please contact Philip James, Richard Edwards-Earl or our specialist life sciences team for further guidance. 

Contact

Contact

Philip James

Partner

philip.james@brownejacobson.com

+44 (0)330 045 1022

View profile Connect on LinkedIn
Can we help you? Contact Philip

Richard Edwards-Earl

Associate

richard.edwards-earl@brownejacobson.com

+44 (0)330 045 1049

View Profile Connect on Linkedin
Can we help you? Contact Richard