Right, and that's a challenge with privacy in general, whether or not there's a contract (and whether or not that's scoped to apply to future owners of the company).
Right now, the legal system does not always afford breaches and violations of privacy the level of gravitas that they deserve.
Given that personal data is bought and sold every day by various parties, it should be possible to put a dollar value on a particular piece of information (e.g. address, gender, demographic info). I'm not surprised this hasn't happened yet though since it would make assessing damages in privacy breaches much easier for the victims/users and open the door to more lawsuits.
The challenge in this case is assessing the dollar value of a new piece of personal info (room geometry). Perhaps there should be a small floor value (priced in $/byte) for any personal data when assessing damages - it would greatly discourage collecting novel data about users "for future use" or "just because we can".
Edit: "anonymized" data can be discounted based on an expert assessment of how easy it is to de-anonymize.
Right now, the legal system does not always afford breaches and violations of privacy the level of gravitas that they deserve.