It's possible to set up encryption model where it will be particularly hard to sell data later -- this is one of the things we've spent a decent amount of time building in the company I work for, for this reason. No, we're not selling data, and we're actively working to block that pathway in future even if the leadership has completely changed.

E.g., data at rest for private accounts is encrypted with per-account keys based at some level on the user's login, and internally can't be decrypted until the user is signs in next.