DOJ urged to probe companies’ pixel use

Members of Congress are urging the Department of Justice to look into privacy violations by tax preparation companies for using data-tracking pixels without proper disclosure.

“TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions … used ‘pixels’ [to share] sensitive personal and financial information for millions of taxpayers with Meta,” Sen. Elizabeth Warren (D-Mass.) and a handful of other lawmakers said in an Oct. 18 letter to DOJ Deputy Attorney General Lisa Monaco.

“The Department of Justice [must] investigate those responsible for this shocking breach of taxpayer privacy and take appropriate action without further delay,” said Warren in the letter and joined by Sen. Ron Wyden (D-Ore.), Sen. Richard Blumenthal (D-Conn.) and Rep. Katie Porter (D-Calif.).

The letter charges the tax companies with handing over to Meta, the social media giant, data on their customers' income, refund amounts, filing status, exemptions and deductions, which Meta then used for advertising and to train its AI algorithm.

Pixels are sections of computer code that companies insert into the instructions that browsers use for loading their websites. Companies don’t typically create the code themselves but access it from tech giants like Meta and Google. Once they’re installed, pixels are hard to turn off because they’re built directly into the browser code, data specialists say. Despite the risk they pose, companies are using them to glean information on their website users as they phase out the use of cookies in response to data privacy laws.

“Once [these] trackers are loaded in your browser, they have a ton of ways to track you beyond just third-party cookies,” DuckDuckGo, a privacy-focused search engine, says in an analysis that’s been cited by the Federal Trade Commission.

This isn’t the first time the tax companies’ data tracking practices have come under scrutiny, according to the letter. After they conducted a probe last year, a group of lawmakers in Congress sent a letter to DOJ asking it to look into the companies, but no action was apparently taken. “Since July 2023, we have urged you to act,” the letter said.

Congress’ findings have been replicated by the IRS’ inspector general, and by the IRS itself, which found that the tax companies’ consent statements don’t comply with federal rules because they don’t identify what’s being tracked and how the data is being used, the letter said.

The IRS Inspector General “found that the tax prep companies’ taxpayer consent statements ‘did not comply with the requirements of Treasury Regulation § 301.7216’ because they ‘did not clearly identify the intended purpose of the disclosure or the specific recipient(s) of the tax return information … and the IRS confirmed that these statements do not fully comply with the requirements of Treasury Regulation § 301.7216-3,’” the letter said.

Separate from what DOJ does, the letter shows pixels are on the radar screen of lawmakers and regulators, making it important for general counsel to know whether their organization is using the tracking code, and if it is, to ensure that the data use is captured in its disclosures.

“That’s where some companies … have gotten in trouble — not having proper disclosures,” Darren Abernethy, a data privacy law specialist at Greenberg Traurig, has said.