What's to prevent the other company from simply saving the user data which is decrypted by their client? You think Cambridge Analytica didn't store offline backups of all the data they gathered from the Facebook Graph APIs?
When I wrote that, I was thinking of a DNS-over-HTTPS-like system and browsers being the client. You're right. A company could pipe the data back to their servers even if it was only decrypted on the user's device and it was illegal.