My question, how are they going to be able to tell the difference between a pirate copy, either that had an illegally generated cd key, or that was cracked to not require a cd key, and a copy with a stolen cd key.
When the system is activate a hardware hash is created.. this is basicly a MD5 hash of the basic hardware information of the system this is compared to a hash of your product key.. If the Key hash matches a different hardware hash or a known group of pirated keys your escorted to the appropriate page....
In the case of the kid stealing keys from the school, the hardware hash wont match, or more likely the key will belong to a specific OEM and WILL fail most likely at the initial activation, if not will fail at the Windows GEnuine Advantage check, WGA (what are we at now version 4 or 5).

Also where does this fit into privacy laws etc.
so your a theif and are concerned about getting caught.. ?
Privacy laws are about these companies sharing your information with anyone else.. not to prevent them from collecting it in the first place. I dont even know if a company can use the collected information in a court of law. certainly if they could they would need more compelling evidence to convict you.