1. People did not accept this "erosion of privacy". They just don't understand. Mastercard is not going to the every customer and telling them, what exactly they do, what it means and so on. Sure, they ask for "explicit consent", they have contract and agreements and tons of legal documents describing every step. But that does not help people understanding what they do. That is the big misunderstanding of legal requirements like GDPR: It does not prevent erosion of privacy.
2. In general, this is not an erosion of privacy. Honestly? I really do not care what a company does with my transaction data. Why? Because I work in the field of data analytics, big data and I got a little idea of what happen: I'm just a small dot in a very huge picture. Sure, at some point in the very beginning of this process the company tracks my data. But this single data point is not of value. Only the aggregation of an massive amount of data point has a value. Saying "your data" is just framing the opinion into a direction "data collection hurts your privacy". Really no one cares about Mr A from B in C, born in 1900, having n kids and m wifes.
3. You may reply that my data is in danger, if a company is collecting it. That is right. And that's probably the main goal of legal stuff like the GDPR. Data breach can only happen to existing data. No data, no breach. Too easy. But if this is the argument, then you may stop using the internet or any other service.
So, to sum it up:
Let's blame the companies for 1 (misleading) and 3 (no security)... but 2? Yeah well. I think it's fine to collect data. I mean... it's a human thing! Information advantage is an evolutional advantage and information comes from data.
2. In general, this is not an erosion of privacy. Honestly? I really do not care what a company does with my transaction data. Why? Because I work in the field of data analytics, big data and I got a little idea of what happen: I'm just a small dot in a very huge picture. Sure, at some point in the very beginning of this process the company tracks my data. But this single data point is not of value. Only the aggregation of an massive amount of data point has a value. Saying "your data" is just framing the opinion into a direction "data collection hurts your privacy". Really no one cares about Mr A from B in C, born in 1900, having n kids and m wifes.
3. You may reply that my data is in danger, if a company is collecting it. That is right. And that's probably the main goal of legal stuff like the GDPR. Data breach can only happen to existing data. No data, no breach. Too easy. But if this is the argument, then you may stop using the internet or any other service.
So, to sum it up: Let's blame the companies for 1 (misleading) and 3 (no security)... but 2? Yeah well. I think it's fine to collect data. I mean... it's a human thing! Information advantage is an evolutional advantage and information comes from data.