Last year, federal lawmakers came closer than ever to passing sweeping online privacy legislation when a House committee advanced a federal privacy bill that would have curbed online data collection.
While Congress ultimately adjourned without voting on the bill, some lawmakers appear to be signaling that they intend to make a push for privacy legislation this year.
Most recently, on Thursday, Representative Adam Schiff (D-California) and two other House Democrats posed questions to the Internal Revenue Service about a report that online tax filing services sent data about users to Meta Platforms.
Among other questions, the lawmakers specifically asked what “legislative remedies” Congress should consider “to prevent this from happening again.”
The letter was sparked by a November report in The Markup that Meta's tracking code, the Meta Pixel, resided on several popular tax services' sites, including H&R Block, TaxAct, and TaxSlayer. After The Markup contacted some of the companies, they reportedly revised their practices: TaxAct stopped sending financial information to Meta, while TaxSlayer removed the pixel from their filing sites.
“We believe that the American people deserve to know whose personal information was shared with Meta and Facebook, how this was allowed to happen, and what steps the IRS will take to ensure this cannot happen again,” Schiff, along with Reps. Judy Chu (D-California) and Raja Krishnamoorthi (D-Illinois), said in a letter to J. Russell George, Treasury Inspector General for Tax Administration at the IRS.
“We strongly urge you to take swift action to thoroughly investigate, take steps to mitigate the harm caused, and protect the rights of American taxpayers.”
Schiff and the others noted that Meta's tracking code was also found on health sites, including ones operated by companies that are required to keep patient data confidential.
“It is clear that federal government must investigate,” the elected officials wrote.
It's also clear that even without new legislation, the Federal Trade Commission is planning to more aggressively police online data sharing. In fact, the FTC said as much Wednesday, when it unveiled a complaint alleging that drug discount company GoodRx wrongly transferred data about consumers to ad platforms.
“Digital health companies and mobile apps should not cash in on consumers' extremely sensitive and personally identifiable health information,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”