A congressional report released today has exposed the inappropriate sharing of millions of US taxpayers’ financial data by Meta, Google and major tax preparation companies.
The report, spurred by an investigation by The Markup, confirmed that tax filing services such as H&R Block, TaxAct, and TaxSlayer transmitted data to Meta and Google through tracking tools like the Meta Pixel and Google Analytics. The shared data included personal information such as names, income, filing status, and refund amounts.
Lawmakers conducting the investigation criticised the tax companies and the tech firms for their careless treatment and disregard for taxpayers’ privacy. The report stated that the tax prep companies installed tracking tools without fully understanding how tax data could be collected and utilised.
It also revealed that the companies were not fully aware of the current status of taxpayers’ data, which is highly regulated, with penalties for improper sharing ranging from fines to jail time. The report suggests that the companies involved may face criminal penalties for sharing data without proper consent.
The lawmakers have shared the report with federal enforcement agencies, including the Internal Revenue Service (IRS), the Treasury Inspector General for Tax Administration, the Department of Justice, and the Federal Trade Commission (FTC). They have requested a thorough investigation and prosecution of any company or individual who violated the law.
Led by Massachusetts senator Elizabeth Warren and supported by several senators and a representative, all Democrats except for independent Bernie Sanders, the investigation highlights the urgent need for the IRS to develop its own online tax filing system. Unlike many other countries, the United States lacks a widely available, free-tax filing option run by the government.
Meta, H&R Block, TaxAct, and TaxSlayer have yet to come out with a statement regarding the congressional report while Google’s spokesperson emphasised the company’s policies and features to prevent the collection of sensitive data by Google Analytics users, placing responsibility on website owners.
The incident sheds light on the widespread use of the Meta Pixel, a tracking code allowing businesses to target ads on Facebook. Despite Meta’s caution against using it for sensitive data collection, The Markup’s investigation identified numerous cases of sensitive data being shared with Meta, including data from hospitals, telehealth companies, and the U.S. Department of Education.
The report criticised Meta’s inadequate safeguards, which seemingly serve as a means of deniability. Notifications about the shared data were allegedly sent to tax prep companies after The Markup’s article was published in November last year, but the companies claim they never received those notifications. Despite reaching out to Meta for clarification on the status of customer data, the tax prep companies did not receive satisfactory answers.
The congressional report has once more opened a pandora’s box about the extent of data that big tech possesses. On Tuesday, a class action was filed against Google for scraping web data without users’ consent. In May, an investigation revealed that Google doesn’t delete your sensitive location data.