Some of America’s largest tax-prep companies have spent years sharing Americans’ sensitive financial data with tech titans including Meta and Google in a potential violation of federal law — data that in some cases was misused for targeted advertising, according to a seven-month congressional investigation.

  • fubo@lemmy.world
    link
    fedilink
    English
    arrow-up
    63
    ·
    edit-2
    1 year ago

    The actual report is here.

    It’s worth noting that the report doesn’t seem to claim any deliberate bad action on the part of Google or Facebook. Those companies didn’t ask the tax preparers to send them taxpayers’ private data; they certainly didn’t pay them for that private data; and it’s possible that no human being at those companies even knew they were receiving taxpayers’ private data.

    Rather, the tax preparers installed Google Analytics and Meta Pixel on their own web sites, just the same as many other site owners do. If you run a web site, you can do that just by signing up online and adding some code to your web pages. You don’t have to have a business deal with the tech companies; and they don’t have to manually review your usage before you install their code onto your site.

    However, by doing this on pages that contained private user data, the tax preparers thereby disclosed that user data to those tech companies. And, as with any other usage of those analytics systems, this data got ingested into those tech companies’ ads systems.

    The tax preparers have an obligation to their users to keep their financial data secure. Treating a web page containing a user’s financial information as if it was just a random web page and installing Google Analytics or Meta Pixel on it, is a violation of that trust.

    • phx@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Yeah, part of the issue is likely them not understanding how the technology works. A lot of companies contact with Google and Facebook to track how ad campaigns on those platforms lead break to their site, and the easiest - often recommended - way is just “here’s a JavaScript snippet, stick it in your global page header and it will just work” without revealing the implications to customers visiting the site.