We've already discussed Employee Privacy. Much of that conceptual framework carries over to Consumer Privacy, especially the distinction between private and public information.
First of all, the concept of "information" is epistemologically complex. The distinction between "public information" and "private information" is deeply rooted in Adam Smith's original distinction between "property" and "information." If there is a such thing as "private property," then why not "private information?" In what sense do individuals "own" information pertaining to their "private lives?" If there is a "right to privacy" is it a moral right or legal right? If there is a legal or moral right to privacy, then is that right a Positive Right or a Negative Right?
So if corporations have a duty to respect the privacy of consumers, what kinds of information ought to be kept private, who is responsible for keeping it private, and how do they do it. Some kinds of information are widely recognized as "private:" financial information, health information, sexual preference, preferred Internet sites, online purchases etc.
Stockholder Theory argues that, ultimately, it's consumers' responsibility to protect their own privacy, by limiting their communication to businesses that promise to protect that privacy. Health insurance companies need your personal health information in order to provide health insurance. Good health insurance companies would promise to protect that information via state-of-the-art information technology, or would consult patients before sharing with other third parties: employers, family members, the media, other sellers etc.
No laws are necessary. Companies that promise to effectively protect confidentiality, will attract buyers that value confidentiality. Companies that do not promise to maintain confidentiality, may attract buyers who do not care about confidentiality. For example, I often visit guitar sites, both guitars and playing guitars. I don't care if those sites share my guitar interests with other sellers. However, I'd rather keep most of my health-related information private, therefore I rarely post anything online that relates to my personal health. No governmental involvement is necessary. Over time the free market will protect privacy, to the extent that some buyers demand it in various contexts.
Stakeholder Theory argues that the free market often fails to protect consumer privacy, and that privacy can often be invaded without consumers even knowing that it is being invaded. Therefore, stakeholder theorists argue we need laws to protect consumers from the invasion of privacy, and the sharing (selling) of that private information to interested third-parties. For example, there are laws that protect the confidentiality of medical information. All providers are legally responsible for asking patients exactly who may have access to that information. The problem with these laws is that they make it difficult for friends and family to find out what's going on; and health care providers are forced to go through time-consuming, and resource-consuming bureaucratic lengths to provide the health care that patients want and need. Utilitarians might, therefore, argue that the costs of protecting consumer information far exceeds the benefits.