For context I am the developer of an app called Digital Carrot[1] that lets users create goals for themselves that are verified by data from connected services. For example someone might create a goal to go to the gym, which the app verifies by reading GPS data from your phone. Needless to say my app handles a lot of very sensitive data and the app's privacy policy prohibits me from accessing any of this data for any reason. I've been curious if there is a way to put some kind of legally binding clause in my privacy policy that would prevent a future owner of the app from just forcing all the users to agree to a new policy that lets them harvest all of this data for nefarious purposes. Does anyone know:
1. Is this possible? 2. Has anyone done something like this? 3. What kind of mechanism would you employ to enforce this?
[1] https://www.digitalcarrot.app/
An agreement to Not Do Evil can be put aside by a judge if it means squeezing money out of the company to the pay creditors, such as by selling the company (and its data-assets) at a higher price.