Several tax preparation services have been found to be sending sensitive financial information to Meta, including people’s income, filing status, and even amounts earned in college scholarships.
The information comes from a research report by The Markup, which alleges that the implementation of Meta Pixel on tax filing services led to inadvertent data collection on Meta’s part.
Meta Pixel is a piece of JavaScript code created by Meta that allows companies to track user activity as a way to “measure the effectiveness [ads and the design]” of their websites. As it turns out, much more information was being sent than user activity, and all without the user’s consent. Among the leaked financial data were the names of filers, dependents, email addresses and, in some cases, phone numbers. And it doesn’t matter if those users didn’t have an account on any Meta-owned platform. Meta may still use this data to enhance its own advertising algorithm, according to the report.
Google is also involved in the report, but this situation seems less dire. A Google spokesperson states that the data collected is all mixed up and cannot be linked to a specific person.
Mixed messages
After looking at the report and the various statements made, there are a lot of mixed messages from the companies. Actions do not align with statements.
According to Meta’s help center page, the tech giant bans other companies from sending financial data. However, information about people’s income was still obtained. Tax reporting services gave users the “choice to refuse to share tax information”, but that didn’t matter because, again, data was still being sent and received.
Several representatives said the tax agencies they represent were unaware that Meta Pixel was sending so much information.
Now, however, several companies are changing the way they use the code. TaxAct, one of the listed services, will no longer send financial information to Meta, but will still send the names of dependents. Both TaxSlayer and Ramsey Solutions have removed the code from their websites. Others, like H&R Block, will continue to send information about “health savings accounts and college tuition scholarships.”
The Markup questions these services’ claims that they didn’t know Meta Pixel was sending all this data. There is evidence, the report notes, that suggests TaxAct intentionally configured the Pixel code to pass certain dollar amounts as “parameters to custom event,” allowing them to be tracked. We reached out to TaxAct and asked if they would like to make a statement about The Markup’s claim. This story will be updated if we have news.
At this time, there is no indication that any of the information collected has been misused. It is also unknown if any of the companies involved will face any type of penalty. The Internal Revenue Service (IRS) has so far declined to comment on the situation, according to The Markup.
In trouble again
This isn’t the first time Meta Pixel has gotten its parent company or others into trouble. The tech giant is currently facing multiple lawsuits from across the United States over the Pixel code allegedly used to collect people’s health data and serve targeted ads. One complaint comes from Illinois, where it accuses Meta and Advocate Aurora of “intercepting, accessing and disclosing … patient health information…”
We also asked Meta if it had a statement regarding The Markup’s report and if there are any plans to change the Pixel code due to the recent controversies. Again, we’ll update this story if we hear back.
Be sure to check out TechRadar’s guide on what to do if your tax information is stolen. Although nothing malicious has been reported, it never hurts to be cautious.