.. it gets a heck of a lot more complex when an enterprise finds ways to bypass Data Protection. One of the holes is that you're perfectly allowed to collect data via 3rd parties, and a data user (someone who buys that data) is under no formal obligation to tell you where they got your details from, so the source can continue to sell this information with gay abandon. It is irritating enough to have to play a game of whack-a-mole, it gets worse when the data is wrong or out of date (few seem to consider data quality a problem).
By way of example, sites like Facebook and Google Picasa bypass EU Data Protection laws by collecting details over YOU from OTHERS.
Every time you tag a picture in Google Picasa with someone else's name you have given Google a picture of that person without their permission - and the pattern to identify that person in any other image they hold. And, as a consequence of Google being a US company, you have given more data about that person to the US government - a government that has proven time and time again that New Labour still has a few things to learn when it comes to violating the private sphere. Who knows, next time they'll use your picture for the "current Osama look" images - better not piss someone off there.
If you really want to promote privacy you shouldn't just reduce the data available about you, but also reduce the data you provide about others, and guard against anyone broadcasting data about you in an uncontrolled way. I'll give you another example of the latter: LinkedIn. Every single iota you do is broadcast to all your contacts if they have signed up for update emails - everything. There too, you have zero control but to remove your profile - you cannot stop the broadcasts to friends other than by bailing out (which I will, just haven't got round to it yet).
Anon, because El Reg can see who I am, and that's enough for me..