On average, everyone receives 24 emails per day that attempts to spy on them. The top 10% of users re-
             ceive more than 50.

             Tracking pixels are a standard feature of automated email services used by large and small businesses, and
             in many cases the facility is difficult to turn off.

             Two years ago Superhuman, a consumer-focused email client, tried to extend their use to the public as a
             default feature of its own, but reversed course after a public outcry.

             That had little impact on the marketing industry's continued reliance on the tech.

             Clients can use them to track how many emails in a specific campaign are opened in aggregate, as well as
             to automatically stop sending messages to customers who ignore them.

             But a study by Princeton University also indicated the data gathered was sometimes linked to a users' cook-
             ies. This allows an individual's email address to be tied to their wider browsing habits, even as they move
             from one device to another.

             "The resulting links between identities and web history profiles belie the claim of 'anonymous' web track-
             ing," the paper warned.

             In addition, trackers can also lead to personalised follow-ups.

             Particularly  with  salespeople  or  consultants, they  can  go:  'I  saw  you  open  my  email  yesterday,  but  you
             haven't replied yet. Can I call?'

             "And in some cases they get outright belligerent when they see you've opened it three times but have still
             not replied."

             Privacy laws

             Use of tracking pixels is governed in the UK and other parts of Europe by 2003's Privacy and Electronic
             Communications Regulations (Pecr) and 2016's General Data Protection Regulation (GDPR).

             They require organisations to inform recipients of the pixels, and in most cases to obtain consent.

             One privacy consultant said the Court of Justice of the European Union (CJEU) had previously ruled that
             such consent must be "unambiguous" and "a clear affirmative act".

             "Solely placing something in a privacy notice is not consent, and it is hardly transparent," said Pat Walshe
             from Privacy Matters.

             "The fact that tracking will take place and what that involves should be put in the user's face and involve
             them opting in.

             "The law is clear enough, what we need is regulatory enforcement. Just because this practice is widespread
             doesn't mean it's correct and acceptable."

             Mr Walshe noted that the ICO had used a pixel within its own e-newsletter.

             The watchdog told the BBC it was used to track email openings, but not users' locations, adding: "We're
             working with our provider to remove the pixel functionality and this should be completed soon."

             British Airways said: "We take customer data extremely seriously, and use a cross-industry standard ap-
             proach that allows us to understand how effective our customer communications are."