Eye movement signals are becoming an increasingly common data source due to their growing integration into mainstream consumer devices. Although eye tracking enables advancements in several vital applications, the growing accessibility and quality of the data captured by consumer-grade devices raise questions as to whether eye tracking poses risks to user privacy. To proactively address these concerns, it is necessary to identify and meaningfully characterize the privacy implications of eye tracking in consumer devices. Toward this end, we present a literature survey that summarizes the circumstances under which sensitive user characteristics---such as identity, gender, emotion, personality, cognitive load, skills, and fatigue---can be inferred from eye movement data. For each of these potentially sensitive user attributes that are encoded in eye movement, we summarize peer-reviewed methodologies that analyze eye movement signals to reveal them. From this review, we discuss the potential for eye tracking data to be used to enable privacy violations in practical settings, considering factors such as eye tracking signal quality and the availability of other data. In doing so, we identify the most promising avenues for future work in practical privacy enhancement for eye tracking data.