Internal Revenue Service
1111 Constitution Avenue NW
Washington, D.C. 20224
Federal Trade Commission
600 Pennsylvania Avenue
Washington, D.C. 20580
Consumer Financial Protection Bureau
1700 G Street NW
Washington, D.C. 20552
We are writing to express our urgent concerns regarding recent reporting by the Markup alleging that tax filing websites have been sending users’ sensitive financial information to Facebook, and ask that you begin an immediate investigation into these allegations.
On November 22, 2022, The Markup reported that widely used tax filing services such as H&R Block, TaxAct, and TaxSlayer have been covertly transmitting user data and financial information to Facebook when Americans use their services to file their taxes online. The data was allegedly sent through a code called the Meta Pixel and included not only information like names and email addresses but often intimate data including income, filing status, refund amounts, and dependents’ college scholarship amounts. Whether and to what extent the tax filing companies understood that they were making personal information available for Facebook/Meta’s use is unclear. Several of the companies report changing their practice following publication of the Markup report.
Annually, the Internal Revenue Service receives approximately 150 million tax returns filed electronically. Disturbingly, the report suggests that many of the most widely used e-filing services utilize the pixel. Furthermore, the company is alleged to be gathering the information of many of these filers regardless of whether they have an account on Facebook or other platforms operated by its owner, Meta.
This is an extraordinary breach of trust regarding some of Americans’ most personal information. The Markup report indicates that the information-sharing practices appear to violate the privacy policies of the tax preparation companies. Even if compliant, it would be impossible for consumers to understand that such information transmission was occurring, as possibly even the tax preparing companies themselves did not.
These allegations are particularly troubling given the variety of ways that Meta could exploit this sensitive data, including the use of this personal information to power Meta’s manipulative targeted advertising algorithms and further entrench its monopoly. Meta’s long history with data security breaches suggests that this information could also be vulnerable to further exploitation by other bad actors.
We urge you to use the full extent of your investigatory authority to determine the veracity of these allegations along with the culpability of the implicated tax filing services and Meta, under tax information privacy rules and other applicable consumer protection standards.
President, Public Citizen