It is in Germany, at least according to a handful of German government officials with jurisdiction over data security.
I don’t read German and the translations I’ve seen have been pretty poor, but the regulators seem to mistake aggregate data for personal data, among other things so it’s hard to imagine this going too far since the logic behind their argument seems too flawed to gain any real traction.
At the same time, though, the tension between increasing concern over security and privacy and the desire for online marketers to ever more narrowly target consumers – which requires knowing more about them – is only going to grow.
So it will be interesting to see how this plays out. All of us who are responsible digital marketers have been pushing opt-in for forever, but that might lead us down the path of unintended consequences: if opt-in moves from being a consumer choice to a legal mandate, then it becomes more likely that there will be opt-in “services” that consumers subscribe to for convenience and that shield personal information in some way. Not only does that create less choice for consumers, since there might only be the ability to opt in or out of broad categories of information, not individual services, but we’ll be placing a huge amount of data and personal information in the hands of just a handful of these services.
It would be nice to think that these services would all resist the urge to be evil, but I’m not convinced that would last long …