Companies using the Internet for their business to consumers (business-to-consumer; B2C) frequently require users to disclose personal information. Online social networks (e.g., Facebook) and other social media services would be nonexistent without having users disclosing personal information. However, for users it is not always favorable to provide personal information openly. The digital availability of personal information facilitates copying, transmitting, and integrating such information easily, and the exploitation of personal information could, thus, result in serious threats which can be both financial and social if in the wrong hands. Still, users’ self-disclosing behavior is manipulable. In short, companies could use system design to either manipulate users to disclose less or more personal information. But what is the role of the company in this context? Is it morally okay to exploit users’ personal information for their own profit? Or do companies have the responsibility to remunerate users whose personal information they exploit? Do companies have the responsibility to protect users from self-disclosing too much? There are two sides. One side supports that companies have to respect the users’ desire for privacy and cannot collect and exploit at all their personal information for the companies’ profit. The other side claims that if users give away their personal information abundantly and freely (e.g., on online social networks), why not use it; those that do not want to provide their personal information should not use the offered service. Total surveillance and full privacy are the two extreme poles, of course. Hybrid forms are possible and currently reality. This paper offers a non-exhaustive overview of available options, how a company may address this issue.