According to reporting from the Verge and the Markup, several popular e-filing providers have been transmitting sensitive financial information to Meta through Meta Pixel. Meta Pixel is a free advertising analytics service offered by Meta that, similar to cookie files and other persistent user identifiers, collects personalized data about how the users interact with content across the Internet. The Meta Pixel service allows Meta to tailor advertising profiles for users regardless of whether they have a Facebook account.

According to the report, using the Meta Pixel code, several popular e-filing sites collected information such as users’ filing status, their adjusted gross income, and the amount of their refund, then sent that information back to Meta’s servers. Meta’s terms of service prohibit the use of Meta Pixel code to collect sensitive information, and the code on the e-filing sites appeared to be misconfigured or left to default settings in many cases.

Businesses that are considering partnering with an outside analytics provider may wish to carefully inventory what data can be collected and where it will be sent. Privacy laws such as the California Privacy Rights Act could expose a business to Attorney General investigations, fines, and private lawsuits for mishandling sensitive information. While use of these technologies is often free, the legal liability might not be.