I find this line of thought worthwhile to follow, but it seems that the crucial point is:
as it would need to be verifiable. The question is then whether “data information” is enough to verify. There are certainly cases where that is the case, but there may also be cases where you cannot verify because you cannot check what data has gone in and therefore you cannot check whether the rights to that data. Does that make sense?
Also, then it would be important that someone takes the task of verifying, which puts a burden on the users.