The headquarters of Meta (formerly Facebook) is seen in Menlo Park, California on November 9, 2022.
Josh Edelson | AFP | Getty Images
Popular tax preparation software including TaxActTaxSlayer and H&R block sent sensitive financial information to Facebook’s parent company Meta thanks to its widespread code, known as a pixel, which helps developers track user activity on their sites, according to a survey by The Markup.
In a report with The Verge on Tuesday, the outlet discovered that Meta pixel trackers in the software were sending information such as names, email addresses, income information and refund amounts to Meta, in violation of its policies. The markup also revealed that TaxAct passed similar financial information to Google via its analytics tool, although this data does not include names.
As CNBC explained in 2018, Meta uses tiny pixels that publishers and businesses embed on their websites. The dots send a message back to Facebook during your visit. And it allows companies to target ads to people based on the sites they’ve already visited.
The report says Facebook could use information from tax websites to power its ad algorithms, even if someone using the tax service doesn’t have a Facebook account. This is yet another example of how Facebook’s tools can be used to track people across the web, even if users don’t know it.
Some statements provided to The Markup suggest that this could be a mistake.
A spokesperson for Ramsey Solutions, a financial advisory and software company that uses a version of TaxSlayer, told The Markup that it “did NOT know and was never made aware that personal tax information was being collected by Facebook from the Pixel”, and that the company notified TaxSlayer to disable SmartTax’s Pixel tracking.
A spokesperson for H&R Block said the company takes the privacy of its customers “very seriously, and we are taking steps to mitigate the sharing of customer information via pixels.”
Beacon discovered the data trail through a project earlier this year with Mozilla Rally called “Pixel Hunt”, where participants installed a browser extension that sent the group a copy of data shared with Meta through its pixel.
“Advertisers should not send sensitive information about individuals through our business tools,” a spokesperson for Meta told CNBC in a statement. “This is against our policies and we are teaching advertisers how to properly configure business tools to prevent this from happening. Our system is designed to filter out potentially sensitive data that it is able to detect.”
Meta considers potentially sensitive information to include information about income, loan amounts, and debt status.
“All Google Analytics data is obfuscated, which means it is not linked to an individual, and our policies prohibit customers from sending us data that could be used to identify a user,” a spokesperson said. from Google to CNBC. “Additionally, Google has strict policies against advertising to people based on sensitive information.”
Representatives for TaxSlayer and TaxAct did not immediately respond to CNBC’s request for comment.
Read the full report on The Verge.
Subscribe to CNBC on YouTube.
WATCH: Facebook fights Apple over user privacy features in iOS update