According to The Markup, major tax filing services such as H&R Block, TaxAct, and TaxSlayer have quietly transmitted sensitive financial information to Facebook.
Users’ income, filing status, refund amount, and dependents’ college scholarship amounts are often included in the data, sent through a code known as the Meta Pixel.
In addition to being gathered, regardless of whether the individual using the tax filing service has a Facebook account, the information sent to Facebook is operated by Facebook to power its advertising algorithms.
According to The Markup, some of the most widely used e-filing services use pixels, which process about 150 million individual tax returns electronically each year.
For example, the popular tax-filing service TaxAct asks users to provide personal information to calculate their returns, such as how much money they make and what investments they have. According to a review by The Markup, a pixel on TaxAct’s website sent some of that data to Facebook, including users’ filing status, their adjusted gross income, and their refund amount.
Refunds were rounded to the nearest hundred and income to the nearest thousand. In addition, the pixel sent obfuscated – but generally reversible – information about dependents.
A similar amount of financial data, but not names, are also being sent to Google through TaxAct’s website, which claims to have about 3 million users.
Meta Pixels were not only used by TaxAct. As well as offering an online filing option, H&R Block embedded a pixel on its site to gather information on health savings account usage and college expenses for dependents.
As part of Facebook’s “advanced matching” system, TaxSlayer sent personal information to the social media company as part of its attempts to link web visitors with their Facebook accounts. A pixel on TaxSlayer’s website collected data such as phone numbers, names and dependents of the user filling out the form.
In the same way as TaxAct, Facebook could use obfuscated demographic data to link users with existing profiles. Over 10 million federal and state tax returns were completed by TaxSlayer last year.
It was even used by Intuit, which runs America’s most popular online filing software. Intuit’s TurboTax only sent usernames and, the last time a device signed in to Meta, not financial information. Beyond the sign-in page, the company removed the pixel entirely.
The Markup’s findings show taxpayers “are providing some of their most sensitive information to be exploited,” according to Harvard Law School lecturer Mandi Matlock.
“I find this appalling,” she said. There’s no doubt about it.”
Businesses can embed Meta’s pixel code on their sites, making it freely available to anyone.
Bedrijven en Facebook profiteren van de code. De pixel kan vastleggen welke items een klant op de website van een bedrijf heeft bekeken, zoals een T-shirt. Een bedrijf kan zijn Facebook-advertenties vervolgens targeten op mensen die naar dat shirt hebben gekeken en een publiek vinden dat mogelijk al geïnteresseerd is in zijn producten.
Meta wint ook financieel. Als resultaat van gegevens die zijn verzameld uit tools zoals de pixel, zegt het bedrijf algoritmen te kunnen ontwikkelen die inzicht geven in de gewoonten van internetgebruikers.