The data dialogue takes place between the 2 counterparties, the user (or data subject) and the organization (the data controller). They hold the public and private keys therefore we have no access to the keys and the data is effectively useless to any third party, including ourselves. We don't want to add to the big problem which exists, so we built the whole system to privacy by design principles with input from Dr. Ann Cavoukian.
If you don't mind to step back a little, the current model that exists were an user (let's call them 1st party) submit their data during account creation, a membership signup, etc. to a company or website (we call them 2nd party) like aaa, bbb, ccc (let's not mention any name here).
The current problem was, the second party usually sell these data to a 3rd party, like an ad service, or whoever interested.
And your solution was to sandwiched yourself between the 1st and 2nd party to be a buffer? Or was it between the 2nd and 3rd party?