Blog
Tax prep companies under scrutiny for use of Meta pixel
July 17, 2023
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
United States
Tax Prep Companies Under Scrutiny for Use of Meta Pixel
An investigation completed by a group of federal lawmakers revealed that tax prep companies TaxAct, TaxSlayer and H&R Block sent taxpayer information to Meta and Google for years through installation of the Meta pixel and use of Google tools on their respective websites.
According to Senator Warren’s announcement of the investigation, the tax prep companies indicated that they installed the pixels and tools without fully understanding the extent to which they would send taxpayer data to the tech firms, which used the data for advertising purposes.
TAKEAWAY
Although U.S. law does not generally require user consent for use of trackers on a website, consent requirements do apply under certain sectoral laws and regulations.
For example, tax preparers are subject to certain treasury regulations that prohibit the disclosure of tax return information without taxpayer consent, with some limited exceptions. The lawmaker report in this circumstance alleges that the exceptions likely do not apply.
Betterhelp FTC Order Finalized; GooDRx & Adtech push back on class action
Betterhelp FTC order finalized
The FTC announced a final order with mental health counseling service BetterHelp, based on a proposed settlement announced in March regarding the sharing of health information with social media platforms for advertising purposes.
Under the final order, among other requirements, BetterHelp will pay $7.8 million, and will be prohibited from disclosing information from or about consumers, including persistent identifiers such as cookie IDs or mobile device IDs, with third parties for targeted advertising purposes.
They will also be required to instruct that third parties who have received such information in the past without a consumer’s affirmative express consent delete such information within 90 days.
GoodRx, Google, Meta and Criteo push back on class actions
GoodRx, Google, Meta and Criteo are reportedly asking a federal judge to dismiss a class action alleging that GoodRx wrongly shared consumer health information with the tech companies for advertising purposes.
GoodRx is reportedly arguing that the company obtained user consent to share the information in exchange for coupons and discounts.
The tech companies each made separate arguments, largely denying any intent or desire to receive sensitive health information from GoodRx.
Meta also reportedly argued that it shouldn’t be responsible for GoodRx’s misuse of a tracking technology.
TAKEAWAY
The Betterhelp and GoodRx cases (coupled with the tax prep investigation described above) are examples of an increased focus on the use of adtech tracking technologies on websites and apps that may involve sensitive or highly regulated information.
To learn more, watch our webinar about the crackdown on pixel tracking in the US.
Children’s Privacy Class Action Against Google & YouTube Channel Providers Gets a Green Light
A federal appellate court reportedly confirmed an earlier ruling that the federal Children’s Online Privacy Protection Act (COPPA) does not preclude a class action lawsuit filed against Google and YouTube channel providers (Hasbro, Mattel and others), which alleged certain state privacy allegations based on the tracking of children under 13.
The appellate court reportedly rejected Google’s argument that the “core of each claim” in the class action was based on COPPA, among other arguments, allowing the action to proceed.
TAKEAWAY
Although COPPA does not include a private right of action, this ruling confirms that COPPA does not preclude class action lawsuits based on children’s privacy allegations under state torts and common law.
EUROPE
European Commission Releases EU-US Data Privacy Framework FAQs
Shortly after adopting an adequacy decision for an EU-US Data Privacy Framework, the European Commission published a list of FAQs providing foundational information (e.g., “What Is an adequacy decision”) as well as information specific to US government safeguards.
TAKEAWAY
One notable takeaway is that, although US companies will be able to certify their participation in the EU-US Data Privacy Framework (as administered by the US Department of Commerce and enforced by the US Federal Trade Commission), self-certification is not the only option for US companies.
The safeguards put in place by the US Government that are the basis of the adequacy decision apply to all data transfers under the GDPR to companies in the US, regardless of the transfer mechanism used.
Therefore, transfers using other mechanisms, such as standard contractual clauses or binding corporate rules, are also equally facilitated by the safeguards and acceptable means of transferring data.
AEPD Publishes Updated Cookie Guide
The Spanish Data Protection Authority (the AEPD) published a revised version of its “Guide on the use of cookies“, which now includes updates reflecting Directives 03/2022 on deceptive patterns from the European Committee for Data Protection (CEPD).
Specifically, the updated AEPD cookie guide requires that the actions to accept or reject cookies be presented in a prominent place and format and that both actions be at the same level, without making it more complicated to reject than to accept. The guide includes both visual and descriptive examples of how the actions should appear.
TAKEAWAY
Spain isn’t the only country to require equally prominent accept and reject actions. Whether through guidance or enforcement, several other countries (including Ireland, Italy, Finland, Denmark, France, Germany and Greece) have indicated similar requirements.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
California CPPA Issues Notice of Proposed Rulemaking
November 25, 2024News out of California this week. The CPPA moved...
Mitigating risk under the Video Privacy Protection Act (VPPA)
November 23, 2024Because VPPA is just one of many tools being...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.