You can build a charter that makes that sort of thing functionally impossible.
Strong data protection guidelines that prohibit giving third-parties access to data would be a starting place, but there are a lot of barriers you could put up to such an outcome (barriers that wouldn't be possible for a for-profit corporation.)
Strong data protection guidelines that prohibit giving third-parties access to data would be a starting place, but there are a lot of barriers you could put up to such an outcome (barriers that wouldn't be possible for a for-profit corporation.)