META and TikTok are described as spying on their own users through advertising tracking pixels, exfiltrating extensive personal and payment data when people click on ads, according to Dark Reading. The pixels collect PII such as first and last names, email addresses, phone numbers, locations, and even credit card details like last four digits, expiration dates and cardholder names, alongside granular shopping flow information including product names, prices, quantities and the currency used.
The report notes that these pixels run irrespective of user consent, often before a consent banner is shown, and can be configured by advertisers to collect more data. It highlights potential legal risks under GDPR and the California CCPA, suggesting advertisers who consent to run these trackers may face liability, and cites a 2021 class action settlement involving Mass General Brigham as an example of data-privacy enforcement.
Meta and TikTok responses are included—TikTok emphasised that advertisers decide what events and parameters are sent, and Meta did not provide a comment by publication. Dark Reading references Jscrambler’s research, with comments from Gareth Bowker about the data collection and privacy implications.