You might think (or at least hope) that sensitive data like your tax returns would be kept under close care. But we learned this week that tax prep companies have been sharing millions of taxpayers’ sensitive personal information with Meta and Google, some for over a decade.
The tax companies shared the data through tracking pixels, which are used for advertising purposes, an investigative congressional report revealed on Wednesday. Many of them say they have removed the pixels, but it’s not clear whether some sensitive data is still being held by the tech companies. The findings expose the significant privacy risks that advertising and data sharing pose, and it’s possible that regulators might actually do something about it.
What’s the story? In November 2022, the Markup published an investigation into tax prep companies including TaxAct, TaxSlayer, and H&R block. It found that the sites were sending data to Meta through Meta Pixel, a commonly used piece of computer code often embedded in websites to track users. The story prompted a congressional probe into the data practices of tax companies, and that report, published Wednesday, showed that things were much worse than even the Markup’s bombshell reporting suggested.
The tech companies had access to very sensitive data—like millions of peoples’ incomes, the size of their tax refunds, and even their enrollment status in government programs—dating back as early as 2011. Meta said it used the data to target ads to users on its platforms and to train its AI programs. It seems Google did not use the information for its own commercial purposes as directly as Meta, though it’s unclear whether the company used the data elsewhere, an aide to Senator Elizabeth Warren told CNN.
Experts say that both tax prep and tech companies could face significant legal consequences, including private lawsuits, challenges from the Federal Trade Commission, even criminal charges from the US federal government.