I lived and worked in France. Am not sure about the situation in Germany. In the U.S. information from retail outlets, credit card companies and any entity to which you must make payments gets aggregated by the big data aggregators such as Choice Point or Lexus Nexus. No consent is requested to consumers to collect, aggregate and reuse that data. EU law requires explicit consent before consumer data and be shared with a third party. The CNIL (Commission Nationale de l'Informatique et des Libertés) is currently reviewing the new Google policy. (http://www.cnil.fr/english/news-and-events/news/article/googles-new-privacy-policy-raises-deep-concerns-about-data-protection-and-the-respect-of-the-euro/) Having worked for several multinationals, I am also aware that the data collection practices in the US often fall afoul of European regulations. (I sincerely wish that "you people" would learn to have a civil conversation)

Having worked for many years in digital security in Europe, I believe that I have some understanding of this issue. It all boils down to the presence (US) or absence (EU) of private credit rating and consumer data collection industries. In Europe, banks are required to do their own risk assessment. If any data collected about a consumer falls in the wrong hands, the collecting party is liable for any damages UNLESS the consumer has given formal (i.e. written) consent for that information to be passed on. In the US, the entire credit industry is predicated on the ability to collect large amounts of data about consumers and then to create risk profiles based on that data.