> But a business that uses it to run their marketing, using transactions with their business?
It's about informed consent. The businesses should at least warn their customers that they're doing this, and who they're ratting us out to. That way we can each make an informed decision about whether or not to use that business.
What would be even better is if not only would they have to tell you this, but that you could say, "No. I don't agree to this nonsense" and they would have to refrain. They wouldn't even be able to deny you service based on that. They would, of course, be able to use the data if they needed to fulfill the contract with the customer, or if they had some legitimate reason for using it, or if there was some legal requirement for using it. Otherwise they would have to get consent.
It would be a kind of General Data Protection Regulation. All joking aside, and as much as I've grumbled about implementing it at the company where I work, I really wish this was a thing world wide.
It's about informed consent. The businesses should at least warn their customers that they're doing this, and who they're ratting us out to. That way we can each make an informed decision about whether or not to use that business.