A lot has been said in this thread already, so I think I found an article that covers slightly different issues: Data Mining: Where Legality and Ethics Rarely Meet
Here’s a scary quote:
“What’s alarming to me isn’t the strategies companies are applying for their own benefit, but the large, large companies forming data alliances for someone else’s benefit,” says Allen Nance, president of e-mail marketing communications and CRM firm Mansell Group in Atlanta.
The gist of the article is that we are not only tracking user behavior for company A or company B, but that company A and B along with data from company (or government organization) C are being used to create “psychographic profiles of people’s behaviors and habits.”
And this is not illegal, but is it ethical? You may have permission from A and B (implicit or explicit) but the consumer has no say in whether these profiles can be merged to create an online persona against their knowledge.
Opinion: This is where testing overlaps with data science/data mining, and I think this is becoming more of an issue, which we need to look at closely. There may be a place for testers to take part in helping create/maintain a data science code of ethics.