What Apple does with this information is unknown, although Apple has represented that it is not collecting data on its users--yet. Nor has Apple disclosed the steps it takes to prevent disclosure or leakage of the information to third parties.
After the Sony BMG Music trojan and subsequent settlement, you'd think that Apple would have given this a little more thought. While iTunes' "phone home" feature is nowhere near as bad as some of the spyware that's out there it's still surprising that Apple would embed such a thing into such a prominent application as iTunes. Didn't they think anyone would notice?
One of the best defenses against unknown and unauthorized data collection is an application from Objective Development called Little Snitch. When any application (like iTunes) tries to establish a network connection, Little Snitch intercepts the attempt and brings up a dialog box telling you all the connection details including the name of the application which initiated the connection. You can either allow the connection, deny it or add a permanent rule for similar future-connections. It's probably the best US$24.95 that you can spend.
According to an Apple statement to Macworld no data is collected. Regardless, the MiniStore recommendation mechanism hidden in iTunes is part of a dangerous trend in digital music. According to the EFF:
When companies like Apple and Sony BMG start adjusting or installing software to micro-monitor our personal and private actions, even under the rubric of convenience, it is just one short stop down the road toward attempting to condition and control our behavior. All it takes is an enforcement protocol to turn recommendations into restrictions overnight.You can block the transmission of your personal data with software like Little Snitch and you can turn off the Apple MiniStore by hitting Command-Shift-M or choose Edit > Hide MiniStore. I recommend turning off the MiniStore until Apple comes clean about its MiniStore data and privacy practices.
If companies like Apple are truly about user empowerment, they must watch this trend closely and remain on the right side of it. Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it.