Traditional engineers have a code of ethics and it prohibits them from misleading their clients, requires they take certain precautions to prevent unexpected harms. But it does not prevent them from making things intended to harm. They may still design bombs and warplanes, may make guns and bullets for their clients to sell, with no constraints on the final use to which they are applied.
An engineering code of ethics would require us to avoid inadvertent data leaks, but would not constrain us from developing spyware, or programs intended to steal the work of users and profit from it. For that we need a moral position from which to say that these things are wrong, and courage to refuse to do them. We will not find precedent for this in traditional engineering, which has always refused to make this stand.
We do find it in healthcare and law, where doctors and lawyers have duties to their clients that include serving only their clients, not their employers.
The equivalent in software would be that we don't gather data unless it directly serves the user, and we certainly don't let our employers sell it.
We need to take lessons from multiple professions, not just professional engineering.
An engineering code of ethics would require us to avoid inadvertent data leaks, but would not constrain us from developing spyware, or programs intended to steal the work of users and profit from it. For that we need a moral position from which to say that these things are wrong, and courage to refuse to do them. We will not find precedent for this in traditional engineering, which has always refused to make this stand.