IRD admits supplying Facebook with ‘raw’ data on 268,000 taxpayers

Forums › Social networks, social media and tools › IRD admits supplying Facebook with ‘raw’ data on 268,000 taxpayers

1 | 2 | 3 | 4

Networkn
32873 posts

Uber Geek
+1 received by user: 15475

ID Verified

Trusted

Lifetime subscriber

#3305660 5-Nov-2024 18:53

How can the CEO not be in front of Parliament right now getting roasted, followed by sacked?

I mean, a government entity gave PII to a company with about the worst track record for privacy and user manipulation.

I can't understand how this doesn't go against their mission statement.

SirHumphreyAppleby

2942 posts

Uber Geek
+1 received by user: 1863

#3305662 5-Nov-2024 19:21

Since we're bashing the IRD for their technical incompetence, I would also like to mention the fact that their notification e-mails (tax return reminders, notice or credit etc.) are sent and signed by a third-party.

That's arguably better than allowing the third party to sign using their domain, but there is really no excuse for any documentation from a government organisation not being signed and unquestionably verifiable as originating from their systems.

Ruphus

469 posts

Ultimate Geek
+1 received by user: 181

#3305664 5-Nov-2024 19:25

To see the lists you've been included on with Facebook advertisers:

After logging into Facebook, click on your profile picture and go to Setting & Privacy > Settings
Click on Accounts Centre
Click on Your information and permissions > Access your information
Click on Ads information > Advertisers who've uploaded a contact list with your information

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#3305720 5-Nov-2024 20:24

Ruphus:

To see the lists you've been included on with Facebook advertisers:

After logging into Facebook,
browse to https://www.facebook.com/your_information/?tab=your_information&tile=ads_and_businesses
Click Advertisers who've uploaded a contact list with your information

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

cokemaster

Exited
4937 posts

Uber Geek
+1 received by user: 1089

Retired Mod

Trusted

Lifetime subscriber

#3305748 5-Nov-2024 22:45

That’s a useful call out on how to check that. Thankfully I’m not one of the ones that had their info loaded, but ANZ NZ, Shareies, harmoney, AMI, One NZ, Southern Cross, Animates, Wise and Sky TV have targeted me through a list containing my contact information.

There are a bunch of Aussie companies too. I think this might be a wake up call on privacy regulations.

webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3305764 6-Nov-2024 08:39

ANglEAUT:
Ruphus:

To see the lists you've been included on with Facebook advertisers:

After logging into Facebook,

browse to https://www.facebook.com/your_information/?tab=your_information&tile=ads_and_businesses

Click Advertisers who've uploaded a contact list with your information

Doing this on a mobile device and following that link takes you to a page without that option, you must click “Ads information” and from there is the option you’ve listed on the last step

Following that however prompts to open the Facebook app, which just opens to your feed.

You're not on Atlantis anymore, Duncan Idaho.

New World

Shop on-line at New World now for your groceries (affiliate link).

alasta

6891 posts

Uber Geek
+1 received by user: 3365

Trusted

Subscriber

#3305767 6-Nov-2024 08:46

cokemaster: That’s a useful call out on how to check that. Thankfully I’m not one of the ones that had their info loaded, but ANZ NZ, Shareies, harmoney, AMI, One NZ, Southern Cross, Animates, Wise and Sky TV have targeted me through a list containing my contact information.

There are a bunch of Aussie companies too. I think this might be a wake up call on privacy regulations.

Is this even legal currently? I thought that the privacy act required companies to use personal information only for the purpose that it was collected? Surely giving that information to a third party for marketing purposes would therefore be a breach of the act?

hasso

76 posts

Master Geek
+1 received by user: 19

#3305768 6-Nov-2024 08:47

Did I actually "agree" to have any of my IRD information shared with any non-government agency?

freitasm

BDFL - Memuneh
80662 posts

Uber Geek
+1 received by user: 41090

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3305772 6-Nov-2024 09:16

Ruphus:

To see the lists you've been included on with Facebook advertisers:

After logging into Facebook, click on your profile picture and go to Setting & Privacy > Settings
Click on Accounts Centre
Click on Your information and permissions > Access your information
Click on Ads information > Advertisers who've uploaded a contact list with your information

Good stuff Facebook presents a huge list NOT IN ANY ORDER. Just to make it harder for you.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

freitasm

BDFL - Memuneh
80662 posts

Uber Geek
+1 received by user: 41090

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3305773 6-Nov-2024 09:17

hasso:

Did I actually "agree" to have any of my IRD information shared with any non-government agency?

The question continues, "and why did anyone inside the IRD thought a complete breach of privacy would be acceptable? How dumb this person/team has to be?"

Should we apply Hanlo's Razor here? "Never attribute to malice that which is adequately explained by stupidity."

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

wellygary

8816 posts

Uber Geek
+1 received by user: 5300

#3305774 6-Nov-2024 09:19

alasta:

cokemaster: That’s a useful call out on how to check that. Thankfully I’m not one of the ones that had their info loaded, but ANZ NZ, Shareies, harmoney, AMI, One NZ, Southern Cross, Animates, Wise and Sky TV have targeted me through a list containing my contact information.

There are a bunch of Aussie companies too. I think this might be a wake up call on privacy regulations.

Is this even legal currently? I thought that the privacy act required companies to use personal information only for the purpose that it was collected? Surely giving that information to a third party for marketing purposes would therefore be a breach of the act?

They will all be doing the "hashed data" verification trick to get round the Privacy Act,

They aren't giving you PI out, they are giving out a code that FB can check against its codes to see customers are present on FB, and if they are they will get targeted advertising...

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

SirHumphreyAppleby

2942 posts

Uber Geek
+1 received by user: 1863

#3305776 6-Nov-2024 09:22

wellygary:

They will all be doing the "hashed data" verification trick to get round the Privacy Act,

They aren't giving you PI out, they are giving out a code that FB can check against its codes to see customers are present on FB, and if they are they will get targeted advertising...

And once they have a match, they can use lookup tables to determine other personal information. So yes, companies are handing personal information to Facebook and this practice needs to stop. Period.

geek3001

223 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3305780 6-Nov-2024 09:31

hasso:

Did I actually "agree" to have any of my IRD information shared with any non-government agency?

In my view, no.

Interestingly IRD's privacy policy at https://www.ird.govt.nz/about-this-site/your-privacy/privacy-policy under the section Why you might see a certain advertisement on social media has been updated to read:

"We do not use your personal information when advertising on social media and no longer use custom audience lists on social media. Custom audience lists helped us direct messages to specific customers with relevant information and reminders. We stopped doing this in September 2024."

A few weeks ago when this news broke, the IRD's privacy policy stated this:

"We may also use or disclose your information to third parties to assist us to communicate or market our services to you.

To reach groups of people with information that is relevant to them while protecting their privacy, we sometimes provide hashed and fully anonymised information to social media channels when placing advertisements. In this process, your personal information is treated with the utmost integrity by us. The social media channel is not given any identifiable information. We fully comply with our obligations under the Tax Administration Act and the Privacy Act to protect your personal information."

There was no obvious opt-out functionality available, so I would speculate that IRD simply used our data as they saw fit.

I have raised this matter with both the IRD Privacy Officer and the Minister of Revenue who is supposedly responsible for the IRD. The former is, ahem, attempting to explain, and the latter's office won't comment.

hasso

76 posts

Master Geek
+1 received by user: 19

#3305782 6-Nov-2024 09:40

Too bad I can't opt out of paying my taxes...

wellygary

8816 posts

Uber Geek
+1 received by user: 5300

#3305791 6-Nov-2024 09:51

What I find truly baffling is the IRD believe ( or have been convinced) that Socials gets more cut through to taxpayers, than standard communication channels.

I mean IRD have your Address, phone number, and in most cases email. and they have the power of the State to prosecute you if you don't pay them,,,

But they think popping up "targeted" messages to you on FB is a better delivery medium,

TBH it sounds like they are just lazy...

1 | 2 | 3 | 4