Is it possible to prevent companies from doing this sort of thing? Certain information is necessary in operating a business, such as transaction records for purchases. Other information can be presented as being necessary: how often an advertisment is seen by (supposedly) unique eyeballs is a measure of the quality of their services to advertisers, browser statistics help them design a product that reflects the needs of the user, security logs ensure that their systems aren't being abused. Now I have a hard time figuring out what justification Amazon would use for data collection in this case, but you can bet that they'll make up a convincing one for legislators.

Even if they couldn't make a convincing argument and the data collection ended up regulated, what's to stop them from hosting their services in countries that don't care about privacy? Once that happens, legislators have no control over the collection of data.