According to The Markup, major tax filing services such as H&R Block, TaxAct, and TaxSlayer have quietly transmitted sensitive financial information to Facebook.
Users’ income, filing status, refund amount, and dependents’ college scholarship amounts are often included in the data, sent through a code known as the Meta Pixel.
In addition to being gathered, regardless of whether the individual using the tax filing service has a Facebook account, the information sent to Facebook is operated by Facebook to power its advertising algorithms.
According to The Markup, some of the most widely used e-filing services use pixels, which process about 150 million individual tax returns electronically each year.
For example, the popular tax-filing service TaxAct asks users to provide personal information to calculate their returns, such as how much money they make and what investments they have. According to a review by The Markup, a pixel on TaxAct’s website sent some of that data to Facebook, including users’ filing status, their adjusted gross income, and their refund amount.
Refunds were rounded to the nearest hundred and income to the nearest thousand. In addition, the pixel sent obfuscated – but generally reversible – information about dependents.
A similar amount of financial data, but not names, are also being sent to Google through TaxAct’s website, which claims to have about 3 million users.
Meta Pixels were not only used by TaxAct. As well as offering an online filing option, H&R Block embedded a pixel on its site to gather information on health savings account usage and college expenses for dependents.
As part of Facebook’s “advanced matching” system, TaxSlayer sent personal information to the social media company as part of its attempts to link web visitors with their Facebook accounts. A pixel on TaxSlayer’s website collected data such as phone numbers, names and dependents of the user filling out the form.
In the same way as TaxAct, Facebook could use obfuscated demographic data to link users with existing profiles. Over 10 million federal and state tax returns were completed by TaxSlayer last year.
It was even used by Intuit, which runs America’s most popular online filing software. Intuit’s TurboTax only sent usernames and, the last time a device signed in to Meta, not financial information. Beyond the sign-in page, the company removed the pixel entirely.
The Markup’s findings show taxpayers “are providing some of their most sensitive information to be exploited,” according to Harvard Law School lecturer Mandi Matlock.
“I find this appalling,” she said. There’s no doubt about it.”
Businesses can embed Meta’s pixel code on their sites, making it freely available to anyone.
Businesses and Facebook benefit from the code. The pixel may record which items a customer browsed on a business’s website, such as a T-shirt. A company can then target its Facebook ads to people who looked at that shirt, finding an audience that may already be interested in its products.
Meta also wins financially. As a result of data gleaned from tools like the pixel, the company says it can develop algorithms that give it insight into the habits of internet users.