A company that collects personal data based on published privacy policy commitments cannot unilaterally go back on its promises after the information is in the hands of the company, according to a blog post by the Federal Trade Commission (FTC).

Modification to a company’s privacy policy that would allow it to use previously collected data more expansively, for example, by sharing it with additional parties or using it to train Artificial Intelligence engines, coupled with a subtle notification to users about the changed policy, could be considered unfair or deceptive acts and practices prohibited by the FTC Act.

Click here to read the FTC’s blog post.