You’d be forgiven for missing this story, as it flew somewhat under the radar this past week. I spend most days devouring news coverage, and I only vaguely recall seeing a headline flash past. What actually drew my attention to it was a discussion by Matt Taibbi and Walter Kirn in the latest episode of their America This Week podcast. (Brief aside: Highly recommend if you enjoy podcasts on politics and media with a dose of literature thrown in.)
So I nosed around and found there was, in fact, some coverage of it. But certainly not a lot of fanfare about it. (Maybe because it’s summer and stories about taxes seem boring, and there were more interesting things to discuss, like cluster munitions and the coke found in the White House.) Here are the basic facts:
H&R Block and other tax prep companies shared sensitive personal and financial data from tens of millions of customers with Meta and Google, according to a new report from a group of U.S. lawmakers.
The lawmakers, who include Sens. Elizabeth Warren, D.-Massachusetts and Bernie Sanders, I.-Vermont, said they investigated H&R Block, TaxAct and TaxSlayer after a report in The Verge last year alleged that companies were using code that funneled data including users’ income and tax refund amount to Meta.
Tax-prep companies used the code, called Meta Pixel, to send personal data to both Meta and Google, and collected “far more information than was previously reported,” according to a letter sent by the lawmakers to the IRS, Federal Trade Commission, Treasury Department and Justice Department that was viewed by CBS MoneyWatch. The code collected not only people’s names, but also taxpayers’ filing status, approximate adjusted gross income, refund amount, the names of dependents and the amount of federal tax owed, among other items, the investigation found.
The report, titled “Attacks on Tax Privacy: How the Tax Prep Industry Enabled Meta to Harvest Millions of Taxpayers’ Sensitive Data,” is 54 pages long and authored by the offices of Senators Elizabeth Warren (D-MA), Ron Wyden (D-OR), Richard Blumenthal (D-CT), Tammy Duckworth (D-IL), Bernie Sanders (I-VT), and Sheldon Whitehouse (D-RI), along with Representative Katie Porter (D-CA). (Credit where it’s due: I may not agree with these folks on much of anything, but I do appreciate their efforts here.)
Per the report’s Executive Summary:
In November 2022, a public report revealed that major tax preparation companies TaxSlayer, H&R Block, and TaxAct were sharing sensitive taxpayer data with Big Tech firms Meta and Google. In response, Senators Elizabeth Warren, Ron Wyden, Richard Blumenthal, Tammy Duckworth, BernieSanders, and Sheldon Whitehouse, as well as Representative Katie Porter, opened an investigation into the extent of this disclosure and its impact on taxpayer privacy. This report contains the results of that investigation. It reveals that Big Tax Prep has recklessly shared tens of millions of taxpayers’ sensitive personal and financial data with Meta for years, without appropriately disclosing this data usage or protecting the data, and without appropriate taxpayer consent. The sharing of taxpayer data with Meta has put taxpayer privacy at risk and appears to represent a violation of taxpayer privacy laws.
The summary sets out several bullet points of specific findings, including:
- Tax preparation companies shared millions of taxpayers’ data with Meta, Google, and other Big Tech firms.
- Tax prep companies shared extraordinarily sensitive personal and financial information with Meta, which used the data for diverse advertising purposes.
- Tax prep companies and Big Tech firms were reckless about their data sharing practices and their treatment of sensitive taxpayer data.
- Tax prep companies have violated taxpayer privacy laws by sharing taxpayer data with Big Tech firms.
The lawmakers recommend investigation into the matter by relevant enforcement entities, including the IRS, Federal Trade Commission, Department of Justice, and Treasury Inspector General for Tax Administration.
One caveat, I’ll note: Their recommendations and conclusion also speak in glowing terms of the anticipated “free” electronic filing system being rolled out by the IRS in 2024, which would compete with other tax preparation programs. “We also welcome the recent IRS announcement of a free, direct file pilot next year, which will give taxpayers the option to file taxes without sharing their data with untrustworthy and incompetent, tax preparation firms.”
Yet, the IRS has its own uncomfortable relationship with data breaches and untrustworthiness. See, e.g.:
The IRS says it mistakenly made public data for about 120,000 taxpayers
IRS Accidentally Releases 112,000 Taxpayers’ Private Data Again
In Shocking Development, IRS Removes Team Investigating Hunter Biden After DOJ Request
As for the response from Meta and Google to this revelation, it appears to amount to a giant shrug:
Meta said its policies are clear that advertisers “should not send sensitive information about people through our Business Tools,” according to a company spokesman. He added, “Doing so is against our policies, and we educate advertisers on properly setting up Business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”
Google, TaxAct and TaxSlayer didn’t immediately respond to requests for comment.
It’s the tax prep companies’ fault, you see. Meta tells them not to share this kind of information. This, however, does not appear to stop the tech giant from making great use of the data. Per the report:
Meta also confirmed that it used the data to target ads to taxpayers, including for companies other than the tax prep companies themselves, and to train Meta’s own AI algorithms.
Nothing to see here, folks. Move along.