WASHINGTON — A group of congressional Democrats reported today that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years.
Their report urges federal agencies to investigate and potentially go to court over the wealth of information that H&R Block, TaxAct and Tax Slayer shared with the social media giant.
In a letter to the heads of the IRS, the Department of Justice, the Federal Trade Commission and the IRS watchdog, seven lawmakers say their findings “reveal a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms.”
Their report said highly personal and financial information about sources of taxpayers’ income, tax deductions and exemptions was made accessible to Meta as taxpayers used the tax software to prepare their taxes.
That data came to Meta through its Pixel code, which the tax firms installed on their websites to gather information on how to improve their own marketing campaigns. In exchange, Meta was able to access the data to write targeted algorithms for its own users.
The program collected information on taxpayers’ filing status, income, refund amounts, names of dependents, approximate federal tax owed, which buttons were clicked on the tax preparers’ websites and the names of text entry forms that the taxpayer navigated, the report states.
The letter to federal agencies was signed by Sens. Elizabeth Warren, Ron Wyden, Richard Blumenthal, Tammy Duckworth, Bernie Sanders and Sheldon Whitehouse and Rep. Katie Porter. The lawmakers called for the agencies to “immediately open an investigation into this incident.”
They ask the agencies to investigate “and prosecute any company or individuals who violated the law,” saying it could result in billions of dollars in criminal liability to the firms.
The Markup, a nonprofit journalism outlet focusing on technology, initially reported on the data-sharing between tax firms and Meta in November. TaxAct told The Markup then that it takes the privacy of its customers’ data “very seriously” and ”endeavors to comply with all IRS regulations.” TaxSlayer said then that its customers’ privacy is “of utmost importance” and that it had removed the Pixel to evaluate its use.
H&R Block said today that it takes protecting client privacy very seriously and has taken steps to prevent the sharing of information through the Pixel coding.
And Meta said that it has been clear in its policies that advertisers “should not send sensitive information about people through our Business Tools.”
“Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring,” the company said in an emailed statement. “Our system is designed to filter out potentially sensitive data it is able to detect.”
Representatives from the IRS, the DOJ, the FTC and the IRS watchdog also did not immediately respond to requests for comment.
The Democrats say their report serves as an argument for the creation of an electronic free-file system for submitting tax returns that would be run by the government, which the IRS is currently piloting.
The IRS plans to launch a pilot program for the 2024 filing season to test a “direct file” system and help the federal government decide whether to move forward with potentially implementing it in the future.
The IRS in May published a feasibility report laying out taxpayer interest in direct file, how the system could work, its potential cost, operational challenges and more.
The report shows that the majority of surveyed taxpayers would be interested in using an IRS-provided tool to prepare and file their taxes electronically — almost 50% of respondents who preferred the IRS free-file option over commercial tax preparation firms said they preferred to give their financial information directly to the IRS instead of the third party.