Various tax preparation services have been found to send sensitive financial information to Meta, including individuals' income, marital status, and even amounts earned on college scholarships.
The information comes from an investigative report by The Markup (opens in a new tab), which claims that the implementation of the Meta Pixel in tax filing services led to unintended data collection by Meta.
Meta Pixel (Opens in a new tab) is a Javascript snippet created by Meta that allows companies to track user activity as a way to "measure the [ads and design] effectiveness of their sites Web. It turns out that much more information was sent than user activity, and all without the user's consent. Names of taxpayers, dependents, email addresses and, in some cases, phone numbers were among the financial data leaked. And it doesn't matter if those users didn't have an account on a platform owned by Meta. Meta can still use this data to bolster its own advertising algorithm, according to the report.
Google was also involved in the report, but this situation seems less dire. A Google spokesperson says the data collected is all mixed up and cannot be linked to a specific person.
mixed messages
After reviewing the report and the various statements made, there are many mixed messages coming from the companies. Actions do not match statements.
According to Meta's own help center page (opens in a new tab), the tech giant prohibits other companies from sending financial data; however, information on people's incomes was still being received. Tax filing services offered users the “opt-out option to share tax information,” but that didn't matter because, again, data was still being sent and received.
Several spokespersons have said that the tax filing services they represent were unaware that the Meta Pixel was sending so much information.
Now, however, a number of companies are changing the way they use the code. TaxAct, one of the services mentioned, will no longer send financial details to Meta but will still send names of dependents. TaxSlayer and Ramsey Solutions have removed the code from their websites. Others, like H&R Block, will continue to send out information on "health savings accounts and college scholarships."
The markup challenges the claims of these services that they were unaware that the Meta Pixel was sending all of this data. There is evidence, the report notes, to suggest that TaxAct deliberately configured Pixel's code to pass certain dollar amounts as "parameters to a custom event (opens in a new tab)," allowing them to be tracked. We contacted TaxAct and asked if they would like to make a statement on The Markup's claim. This story will be updated if we get any news.
Currently, there are no indications that the information collected has been misused. It is also unclear if any of the companies involved will face any sanctions. The Internal Revenue Service (IRS) has so far refused to comment on the situation, according to The Markup.
in trouble again
This isn't the first time Meta Pixel has caused trouble for its parent company or others. The tech giant is currently facing multiple lawsuits in the United States (opens in a new tab) over Pixel code that was allegedly used to collect people's health data and serve them targeted ads. One complaint comes from Illinois accusing Meta and Advocate Aurora of "intercepting, accessing and disclosing...patient health information..."
We also asked Meta if he had a statement on The Markup's report and if there were any plans to change Pixel's code given the recent controversies. Again, we will update this story if we hear back.
Be sure to check TechRadar's guide on what to do if your tax information is stolen. Although nothing malicious has been reported, it never hurts to be careful.
