This article is from The Technocrat, MIT Technology Review's weekly tech policy newsletter about power, politics, and Silicon Valley. To receive it in your inbox every Friday, sign up here.

You might think (or at least hope) that sensitive data like your tax returns would be kept under close care. But we learned this week that tax prep companies have been sharing millions of taxpayers’ sensitive personal information with Meta and Google, some for over a decade. 

The tax companies shared the data through tracking pixels, which are used for advertising purposes, an investigative congressional report revealed on Wednesday. Many of them say they have removed the pixels, but it’s not clear whether some sensitive data is still being held by the tech companies. The findings expose the significant privacy risks that advertising and data sharing pose, and it’s possible that regulators might actually do something about it.

What's the story? In November 2022, the Markup published an investigation into tax prep companies including TaxAct, TaxSlayer, and H&R block. It found that the sites were sending data to Meta through Meta Pixel, a commonly used piece of computer code often embedded in websites to track users. The story prompted a congressional probe into the data practices of tax companies, and that report, published Wednesday, showed that things were much worse than even the Markup’s bombshell reporting suggested. 

The tech companies had access to very sensitive data—like millions of peoples’ incomes, the size of their tax refunds, and even their enrollment status in government programs—dating back as early as 2011. Meta said it used the data to target ads to users on its platforms and to train its AI programs. It seems Google did not use the information for its own commercial purposes as directly as Meta, though it’s unclear whether the company used the data elsewhere, an aide to Senator Elizabeth Warren told CNN. 

Experts say that both tax prep and tech companies could face significant legal consequences, including private lawsuits, challenges from the Federal Trade Commission, even criminal charges from the US federal government.

What are tracking pixels? At the center of the controversy are tracking pixels: bits of code that many websites embed to learn more about user behavior. Some of the most commonly used pixels are made by Google, Meta, and Bing. Websites that use these pixels to collect information about their own users often end up sharing that data with big tech companies. 

The results can include information like where users click, what they type, and how long they scroll. Highly sensitive data can be gleaned from those sorts of activities. That data can be used to target ads according to what you might be interested in.

Pixels allow websites to communicate with advertising services across websites and devices, so that an ad provider can learn about a user. They are different from cookies, which store information about you, your computer, and your behavior on each website you visit.  

So what are the risks? These tracking pixels are everywhere, and many ads served online are placed at their direction. They contribute to the dominant economic model of the internet, which encourages data collection in the interest of targeted advertising and hyper-personalization online. Often, users don’t know that websites they visit have pixels. In the past, privacy advocates have warned about pixels collecting user data about abortion access, for example.

“This ecosystem involves everything from first-party collectors of data, such as apps and websites, to all the embedded tracking tools and pixels, online ad exchanges, data brokers, and other tech elements that capture and transmit data about people, including sensitive data about health or finances, and often to third parties,” Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy, wrote to me in an email.

“The underlying thread is the same: consumers may be more aware of how much data a single website or app or platform gathers directly, but most are unaware about just how many other companies are operating behind the scenes to gather similar or even more data every time they go online.”

(P.S. The Markup has a great explainer on how you can see what your company is sending to Meta through tracking pixels! Take a read here.)

What else I'm reading

• The FTC is taking on OpenAI, according to a document first published by the Washington Post on Thursday. The agency opened an investigation into the maker of ChatGPT and is demanding records covering its security practices, AI training methods, and use of personal data. The investigation poses the first major regulatory challenge to OpenAI in the US, and I’ll be watching closely. Sam Altman, the CEO, doesn’t seem to be sweating too much, at least publicly. He tweeted that “we are confident we follow the law.”
• Speaking of the FTC, Commissioner Lina Khan, who has enthusiastically taken on Big Tech antitrust cases, was called in front of Congress this week. She faced harsh criticism from some Republican lawmakers for “harassing" businesses and pursuing antitrust suits that the agency has lost. Khan has had a tough go lately. The latest loss came on Tuesday, when a judge ruled against the agency’s attempt to prevent Microsoft’s $69 billion acquisition of gaming company Activision. 
• I love this take on the rapid rise of Threads, the Twitter clone put out by Meta, from the Atlantic’s Caroline Mimbs Nyce. She writes, “Many users may not be excited to be on Threads, exactly—it’s more that they’re afraid not to be.” I’ve resisted joining for now, but I certainly feel some FOMO. 

What I learned this week

China is fighting back against US export restrictions on its computer chips and semiconductors, my colleague Zeyi Yang explains in a piece published this week. At the beginning of July, China announced a new restriction on the export of gallium and germanium, two elements used in producing chips, solar panels, and fiber optics. 

Although the move itself won’t necessarily have a ton of impact, Zeyi writes that this might just be the start of Chinese countermeasures, which could include export restrictions on rare-earth elements or materials in electric-vehicle batteries, like lithium and cobalt. “Because these materials are used in much greater quantities, it's more difficult to find a substitute supply in a short time. They are the real trump card China may hold at the future negotiation table.”