"Ok, how is this different in principle from, say, web server logs?"
Consider if you put a resume online in PDF format that contained code to phone home to
view your resume.
sends results to some other server. Without any notice to the user.
I think its obvious that it has the potential to be a lot more invasive than a web server
logging a hit that you specifically requested. I don't care if google logs that I went to a
gmail URL. I do care however, if I open a document and it runs unknown code and sends
information to a third party without permission or notice.