The EU does have laws about this. Most databases, with a very few exceptions, require disclosure of what data is collected and why. Any sale of data about what you buy to political parties would almost certainly be illegal.
Sending data to countries without similar laws, including America, is illegal.
Any agency short of the government is likely not to have access to some significant information. My employer does know I have an annual hospital appointment, which is both free and absolutely predictable, but not the details about why and what happens is none of their business.