How tech companies got access to our tax data

This article is from The Technocrat, MIT Technology Review’s weekly tech policy newsletter about power, politics, and Silicon Valley. To receive it in your inbox every Friday, sign up here. You might think (or at least hope) that sensitive data like your tax returns would be kept under close care. But we learned this week…
How tech companies got access to our tax data

The tax companies shared the data through tracking pixels, which are used for advertising purposes, an investigative congressional report revealed on Wednesday. Many of them say they have removed the pixels, but it’s not clear whether some sensitive data is still being held by the tech companies. The findings expose the significant privacy risks that advertising and data sharing pose, and it’s possible that regulators might actually do something about it.

What’s the story? In November 2022, the Markup published an investigation into tax prep companies including TaxAct, TaxSlayer, and H&R block. It found that the sites were sending data to Meta through Meta Pixel, a commonly used piece of computer code often embedded in websites to track users. The story prompted a congressional probe into the data practices of tax companies, and that report, published Wednesday, showed that things were much worse than even the Markup’s bombshell reporting suggested. 

The tech companies had access to very sensitive data—like millions of peoples’ incomes, the size of their tax refunds, and even their enrollment status in government programs—dating back as early as 2011. Meta said it used the data to target ads to users on its platforms and to train its AI programs. It seems Google did not use the information for its own commercial purposes as directly as Meta, though it’s unclear whether the company used the data elsewhere, an aide to Senator Elizabeth Warren told CNN

Experts say that both tax prep and tech companies could face significant legal consequences, including private lawsuits, challenges from the Federal Trade Commission, even criminal charges from the US federal government.

What are tracking pixels? At the center of the controversy are tracking pixels: bits of code that many websites embed to learn more about user behavior. Some of the most commonly used pixels are made by Google, Meta, and Bing. Websites that use these pixels to collect information about their own users often end up sharing that data with big tech companies

The results can include information like where users click, what they type, and how long they scroll. Highly sensitive data can be gleaned from those sorts of activities. That data can be used to target ads according to what you might be interested in.

Pixels allow websites to communicate with advertising services across websites and devices, so that an ad provider can learn about a user. They are different from cookies, which store information about you, your computer, and your behavior on each website you visit.  

So what are the risks? These tracking pixels are everywhere, and many ads served online are placed at their direction. They contribute to the dominant economic model of the internet, which encourages data collection in the interest of targeted advertising and hyper-personalization online. Often, users don’t know that websites they visit have pixels. In the past, privacy advocates have warned about pixels collecting user data about abortion access, for example.