Well, at any point did we ever think of these entities being bought out, merged with other companies or going bankrupt? What will happen to our personal data? Will those signed privacy policies hold true forever? I am not sure what rules or regulations are there for these circumstances to further protect the consumer.
Regardless, personal information should never be misused or distributed without the consent of an individual. Retailers, under no circumstance should be allowed to use customer’s personal data for any purpose, the most popular that I’ve been seeing now is ‘improve customer experience’. If their policies are ambiguous, they should be restated as protection guaranteed forever even after a company is likely to be bought out, merged or goes bankrupt.