For the EU, Data Protection Directive 95/46 (and the incoming changes from 2012), attempt to offer protection against automatic decisions.
In that document there is the concept of consent and that the consent can only be for the purpose the data was collected for. So should some clever company sell widgets at a loss to collect data and should that data then have an extra purpose in aggregate that does not fall into a protected area (like national security, government functions and all that) and the person did not consent to that reason, then you should (in theory) be able to bubble that argument up to the relevant courts for further inspection.
That's the theory, how well that works in practise... only time will tell.
In the licence plate situation the point would be that this isn't personal data, and thus the data protection directive and the consent requirement doesn't apply.
In the motorcycle example, there is no personal data involved whatsoever - it's just a photo that some motorcycle was there; again, DPD doesn't restrict anything at all for such cases.
Did you read my comment or just scan the second paragraph and assume I was saying license plates weren't public data? I was talking about automated decision making using collected data, I was not saying license plates were or were not public information (in fact, I have previously made some of the same points you are, that a license plate is public information and that an individual has no expectation of privacy in public).
So if a private company were to automate the collection of license plates and therefore have a trove of information that included times and places a car was and then that system was to grow so that insurance companies used that information so rates could be calculated through Bayesian classification using that data to determine risk, then that would be an automated decision based on that data AND THAT is protected (in theory) by that directive and the laws based on it in the member states.
That was the point of my comment. Automated decisions are protected unless you consent to them.
Okay, yes, automated decisions are prohibited in EU when based on unverified, unconsented data - that still doesn't prohibit from automatically gathering that data without consent, storing it forever, distributing it to third parties, and having then some human be interested or prejudiced to you based on that info.
In that document there is the concept of consent and that the consent can only be for the purpose the data was collected for. So should some clever company sell widgets at a loss to collect data and should that data then have an extra purpose in aggregate that does not fall into a protected area (like national security, government functions and all that) and the person did not consent to that reason, then you should (in theory) be able to bubble that argument up to the relevant courts for further inspection.
That's the theory, how well that works in practise... only time will tell.