Tax preparation companies have for years been freely sharing millions of taxpayers’ sensitive data, which is supposed to be closely guarded, with Meta to use in advertising and for other purposes with “stunning disregard” for user privacy, a new report by congressional Democrats has found.
The report, released Wednesday, found that TaxAct, TaxSlayer and H&R Block have been using a line of code on their websites known as Meta Pixel in order to gather data about users, largely to use for advertising purposes. This data is then sent to Meta, the parent company of Facebook, which uses it for its own advertising programs.
Data collected through Meta Pixel includes information, such as name, gender, address and email, as well as data about income, filing status, tax return amount, and even dependents’ college scholarship amounts. Though the data is supposedly sent anonymously, experts have said that it is very easy for the companies to unscramble it and identify individuals to create a user “profile” for advertising or other purposes.
These companies have been using Meta Pixel or Google’s data tracking for years, with one company using it for over a decade, and told the lawmakers that it was “common industry practice.” Even so, the companies seem to have been unaware of the extent to which taxpayers’ data has been shared and are still unaware of the status of the data.
The report condemns the companies for being “shockingly careless” with taxpayer data and operating “with stunning disregard for taxpayer privacy.” This data is by law supposed to be closely guarded, with serious penalties for violations, including large fines or jail time.
Lawmakers have urged the Treasury Inspector General for Tax Administration, the Federal Trade Commission and the Justice Department to investigate the tax preparation companies for potential violations of the law.
Experts have described the sharing of the data as a major emergency for taxpayer privacy. “On a scale from one to 10, this is a 15,” David Vladeck, Georgetown University law professor and a former consumer protection chief for the Federal Trade Commission, told CNN. “This is as great as any privacy breach that I’ve seen other than exploiting kids. This is a five-alarm fire, if what we know about this so far is true.”
The report was prepared by the offices of Senators Elizabeth Warren (D-Massachusetts), Ron Wyden (D-Oregon), Richard Blumenthal (D-Connecticut), Tammy Duckworth (D-Illinois), Bernie Sanders (I-Vermont), Sheldon Whitehouse (D-Rhode Island) and Rep. Katie Porter (D-California). It was commissioned after a report published in The Markup last November first revealed the tax companies’ data transmission practices.
The lawmakers pointed out that this could have been avoided if the government simply allowed citizens to file taxes directly with the government for free – a standard practice in other countries – without the intervention of private tax preparation companies. But the powerful tax preparers’ lobby has prevented the U.S. from adopting the practice, so they continue to collect billions of dollars from taxpayers each year for something that is free elsewhere.
Meta allows websites to use its Pixel data collection code for free in order to collect data from a wide swath of the internet. Previous investigations have even found the use of Meta Pixel on websites for hospitals or pregnancy care centers.
Data privacy has become increasingly important in a time of increasing criminalization of the public, as aided by Big Tech. Data collected from websites or applications can be used by law enforcement to target protesters or find and convict abortion seekers; last week, a Nebraska mother took a plea deal including up to two years in prison for helping her daughter obtain an abortion after Meta turned over supposedly private messages about the abortion to police. Though direct messages aren’t the sort of data at risk from website data collection, it does reveal the company’s willingness to share private information with police.