If you take my private data and send it to someone else, then you are violating my privacy.
But it's obviously not as simple as equating private data with personal data. If I send you an e-mail, then unless you and I both run our own mail servers, some number of service providers between us are going to be involved in forwarding the mail, complete with your e-mail address and mine. I don't think most people would say sending or receiving an e-mail is violating the other party's privacy, but there is certainly personally identifiable data there, and in connection with other personally identifiable data and when used for other purposes than forwarding the mail it came from, that can become an issue of concern.
It may well be against European law, but that doesn't make it shady.
No, it's the involuntary collection and mining of personal data that makes it shady.
This really has very little to do with European vs. US business. We've had much stronger emphasis on privacy and, consequently, data protection in Europe since long before the Internet was a big deal, and our laws and social expectations reflect that emphasis. This will happen when things like the holocaust are still within living memory and there are still living members of a generation who really did have to fear for their lives because of government power.
The trouble with this debate is that most of the US population has no personal frame of reference here. Most people in the US probably consider the biggest attack on civilians in the modern age to be 9/11, when about 3,000 people were murdered by terrorists. Obviously that was a terrible day, and we've felt the consequences ever since.
However, let's try to put that in perspective, to the extent that any such loss of human life can ever can be. In Europe, most people probably consider the biggest attack on civilians in the modern age to be the Holocaust, when about 6,000,000 people were murdered by Nazis with the power of a state behind them. That is the equivalent of two thousand 9/11s, more than one for every day between the Night of Broken Glass and the end of World War II, and it was backed by a national government gone crazy and with a vast information gathering apparatus used to identify the targets.
There is an old saying about those who do not learn from history. And if you think the US is somehow immune from such barbaric behaviour, I would remind you that the leading candidate for the Republican presidential nomination is a shameless xenophobic racist, not far below him in the list is someone smart enough to be a qualified doctor yet who says no-one should lead the free world if they follow the second most popular religion in the world, and the most famous non-electoral news from the US in recent days has been how a 14-year-old kid was arrested and led away in handcuffs for being interested in building useful things, and how many people involved in running his school and local authorities thought that was OK.
Those are just the headlines from the past week or two, but to an outside observer, they seem to represent a disturbing pattern that has been developing for much longer. We should all be wary of giving any government where these kinds of values are not just tolerated but apparently flourishing the kind of access to huge databases of personal information that we're talking about here.