As an American who built several web businesses before moving to Germany 4 years ago, I now shudder at what can be legally done in the US. There is no real perspective of data privacy at all. Now, I often feel that the German (and proposed new EU) standard goes way too far. But, I'm a fan of at least something that can keep such creepy behavior away from identifying users until they identify themselves.
I realize I'm being idealistic in my stance, but I'm not a fan of going too far either. One thing I'm very happy to see in the EU is the focus on there being a standard. Today it it makes it difficult to manage a globally focused user base with so many different legal requirements. The proposed standard in the EU would make it easy to do business here and have a better framework for cooperation with the US than the safe harbor structure today.
