Meta’s Pixel Caught Silently Sending Private Financial Data To Facebook
So, another day, another Meta Pixel scandal. The tracking tech has been caught silently sending sensitive financial data to Facebook without user agreement. The breach, which was discovered by The Markup team, involves the major US tax filing services such as H&R Block and TaxSlayer. According to the report, the Pixel sends the private data while the user files their taxes online.
It’s not just basic data either. Names and email addresses, user income, refund amounts and even college scholarships are among the transmitted information. The logic behind it comes from Pixel’s role in tweaking Meta’s advertising algorithms, and the data is collected whether the user has a Facebook account or uses Meta’s other services.
This is something of a big deal, because over 150 million Americans use electronic filing to submit their tax returns, and some of the most widely used tools employ the Pixel tracking technology. The Pixel even sends over information about the user’s dependents, albeit in an obfuscated format.
Pixels are a tracking cookie which Meta uses to help businesses discover more about their customer’s online habits. In 2018, there were around two million of these little bits of code embedded across the web.
The tech tracks what the customer does, for example buying a coat, and then Facebook can use that information to target more specific advertising to that person. Maybe for a scarf to match the coat.
This kind of re-targeting, as it’s called, has become extremely valuable to marketing people everywhere, and it’s one reason why you may see repeated adverts following you around from site to site, for a product you recently bought or browsed.
This is far from the first time Meta’s tracking technology has been the subject of embarrassing disclosures. The tech has been the subject of a flurry of action over the past few months alone. Two lawsuits in May and June accused Meta of gathering private patient data from health portals, in one case with over 600 health providers sharing information without permission.
Meta Has A Long History Of Data Breaches
The company has a string of other lawsuits outstanding for various data privacy issues, including a case from the Attorney General of the District of Columbia over the Cambridge Analytica misuse of citizen data. This latest tax leak is, therefore, yet more proof that Meta is not the most careful guardian of people’s data.
So Pixels embedded by a couple of the tax filing companies utilized automatic advanced matching, which is the most invasive form of tracking. This can include extremely sensitive information, such as income or loan interest.
In fact, the company sometimes collects so much data that it can’t even keep track of themselves. Earlier this year a document written by Meta’s privacy team leaked from inside Facebook, confessing that the company did:
not have an adequate level of control and explainability over how our systems use data.
The problem doesn’t get any more obvious than that. So far, this latest tax data breach has not resulted in any lawsuits for the company.
However, there has been a general scramble amongst the tax filing companies to either remove the Pixel technology completely from their systems, severely curtail the amount and type of data that’s transmitted. We suspect this won’t be the last time something like this will happen.