[jhayward]

I'm absolutely being real, and I know how to do it.

It's not even hard in concept. Of course because data export/import mechanisms are so baroque and error-prone it will take effort to implement but that's already true with all existing systems.

Any time you export data you sign the transfer. Anyone else who then re-exports it has to sign, incorporating your signature in to the export, and so on.

It would actually make keeping corporate-held data clean and healthy rather much simpler, which is something people spend considerable time and money on already. And it's a basic policy mechanism to implement subject-dictated controls rather than vague, invisible, and unenforceable corporate-dictated controls such as exist today.