regarding the legal issues, as i see it it's usually about asking the right questions.
if you'll ask legal "can i collect useer feedback?", they will probably answer "no, you cannot".
the real question, "what kind of user feedback can i gather?"
and here the answers usually get more interesting - "is the number of times a user has clicked a button is considered internal?" , "is an feedback the they send explicitly is considered internal data?", "is a feedback session on site where we watch the user using our software is considered internal data?"
so few interesting solutions and questions ou need to ask your legal department -
- anonymous feedback, gather feedback in such a manner you only get anonymous stats, and cannot track the "who" and "what data".
- use the usage stats as feedback.this is a data that is already in your system.
- explicit feedback, don't gather feedback behind their back, ask them for explicit feedback (in the style of -
www.userreport.com) and there you can put all the legal mumbo jumbo of "only send us unsensetive data" and so forth.