does this not break privacy laws?
I think so! Under my understanding of the UK Data Protection Act (IANAL), this would have to be an opt-in scheme via a tick box on the contract. It used to be opt-out but this was changed.
Under the terms of the law an organization may not share personal data to another party without your consent. It's a pretty decent law, I don't know how the hell it got passed.
Retirement means that when someone says "Have a nice day", you actually have a shot at it.