In this Herald report

"A new computer program that tracks how people navigate their way around giveaway disks has been attacked for the way it collects information."

These disks send their noxious messages home *without telling you* if you happen to explore these disks on a machine attached to the internet.
In their defence, their "Marketing Manager" (a role which instantly flags ethical standards and intelligence as pre-requisites) is quoted as telling us all the things it doesn't do: no programs downloaded, no personal information gathered, etc. I should bloody well hope not!
But he doesn't seem to understand the ethical difference between tracking web-page usage and covert reporting of a user's session with the contents of a disk.
The information is basically the same, but the means for acquiring the data is VERY different.
A web-page is on a publicly accessible server, and so we are free to examine it *knowing* that the proprietor is watching (just like wares on display on a road-side stall).
With this disk, we are relying on their ethical standards, to *only* report back the navigation route. Establishing such a path for information to be reported without the users' knowledge, leaves an opportunity for abuse to occur if controls on behaviour are not maintained.
Our "Marketing Manager" friend has already alluded to the fact that some of their customers were keen to gather that sort of data.
So the only control is their own self-restraint, no external monitoring: ... and unfortunately uncontrolled businesses are prone to become money-grubbing mercenaries (it's their nature), so the assurances are, basically, insufficient.
Gathering data without consent *IS* immoral, and I suspect there should be some legality that could be stroked here, ... it's still spying.