Some congressional Democrats say three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over at least two years. Their report issued Wednesday urges federal agencies to investigate and potentially go to court over the information H&R Block, TaxAct and Tax Slayer shared with the social media giant. In a letter to the heads of the IRS, the Justice Department, the Federal Trade Commission and the IRS watchdog, the lawmakers say the findings “reveal a shocking breach of taxpayer privacy.” The tax prep companies say they take the privacy of their customers seriously.
  • june@lemmy.world
    9·
    1 year ago

    Their report urges federal agencies to investigate and potentially go to court over the wealth of information that H&R Block, TaxAct and Tax Slayer shared with the social media giant.

    For those that are just curious which companies are involved

    That data came to Meta through its Pixel code, which the tax firms installed on their websites to gather information on how to improve their own marketing campaigns. In exchange, Meta was able to access the data to write targeted algorithms for its own users.

    The program collected information on taxpayers’ filing status, income, refund amounts, names of dependents, approximate federal tax owed, which buttons were clicked on the tax preparers’ websites and the names of text entry forms that the taxpayer navigated, the report states.

    Am I reading this correctly that this was malicious activity by Meta rather than the companies actively sharing data with Meta?

    • CoderKat@lemm.ee
      6·
      1 year ago

      Am I reading this correctly that this was malicious activity by Meta rather than the companies actively sharing data with Meta?

      I’d think no because the companies had to explicitly install Meta’s Pixel on their websites and specifically chose what data to send. Skimming, it sounds like Pixel is clearly documented as being to improve the accuracy of ads that Meta delivers.

      So the companies knew exactly how this data was going to be used and still voluntarily sent it to Meta.

      That said, Meta absolutely should have recognized that this data was too sensitive and banned the companies. Ok, let’s be honest, they’d never do that on their own free will, since the data is obviously extremely valuable to them. More like there needs to be a law preventing Meta from using such data, because companies can’t be trusted to do the right thing on their own.

    • jyter@lemmy.world
      31·
      1 year ago

      Not Meta malicious activity this time, just the creepy tracking that happens on every website for marketing purposes. It’s the tax companies that specifically configured it to take in extra data - your tax data.

      Pixel is used to track things like what page you came from, your IP, your facebook tracking cookies, what buttons you click on when, etc… It’s creepy when you think about it, but fairly typical marketing tracking used by websites to try to optimize people actually buying things when they land on the website, or tracking what sites/ads people click on to get to the site and whether those referring sites generate sales.

      However, pixel can be configured to also capture the data you fill out on a form displayed on a website and it appears these tax preparation companies did that. Someone at each of those companies had to configure each of the additional fields to capture in order to cause that data to be sent to Meta, and they should have known better.