See, this is treating "loss of privacy" as an abstraction meaning "any information somehow derived, no matter how indirectly, from my behavior." That's something I fundamentally disagree with. When people get upset about it then I have a hard time taking it seriously.
If I log all the hits to my website and generate aggregate reports based on that, there's no personal information disclosed in the reports. Nobody is harmed and they have no case, as far as I'm concerned. It's the same if I'm outsourcing to Google.
I've heard this argument and, sure, some people just don't care. Privacy. Shmivacy.
But, the thing is the example you gave is just a matter of degree. I mean, if you sold the logs with PII, location info, etc, then that would be near the other end of the privacy continuum. And, since you explicitly provided an example that included aggregate vs personal info, then I assume even you would care about the latter.
So, the question is, at what point along the continuum do you begin to care? Following that, surely you'd allow that others may choose a different point and that, given that it's their privacy, maybe their concerns shouldn't be summarily dismissed?
But, beyond that, the example you gave is invalid. There is a qualitative difference between you logging information about visitors who have chosen to visit your site, versus participating in a scheme to provide that information to a third party who your visitor did not choose to visit. This is especially so when that third party is then able to compile a dossier on that visitor's broader behavior, based on other site-owners who participate.
Add to this that Google is frequently able to personally identify that visitor via their Google login.
Rather than turn this into a one-bit argument (people who either care or don't care about privacy), I would rather talk about privacy risks for vulnerable populations, like activists or people who have crazy exes. A privacy risk is when data could be disclosed to someone who could use it against you.
I'm not sure any of them are threatened by Google Analytics? Google's terms of use prohibit uploading PII to Google Analytics, and it appears they upload data to a separate domain [1], so at least if you don't enable the DoubleClick cookie (which, if you're responsible you shouldn't do), they don't seem to have a way to correlate Google Analytics data with Google logins.
But I only did a shallow investigation. show me the risk and threat model and I'll care.
If I log all the hits to my website and generate aggregate reports based on that, there's no personal information disclosed in the reports. Nobody is harmed and they have no case, as far as I'm concerned. It's the same if I'm outsourcing to Google.