Revoking data access

I think it’s an important question how we can keep personal data safe. So here are some remarks from my side.

TL;DR: I think the issue of copying personal data won’t be solved technically, but with legally binding contracts and open source apps which can run locally. Solid should make both easier than it is currently.

Honestly, I’m not sure what the big selling point should be. I see several small nuances that Solid could improve in this article (transparency, reusing data in different contexts, family-only, local-only, lower development effort). If you want to hear more about these, feel free to ask, but it’s probably a bit off-topic to your original question.

Technically, I don’t think this can be prohibited. If the application can process the data in an unencrypted form it can copy it to any server it wants to. But there are also other non-technical aspects to consider.

As already pointed out by @aschrijver, the law could play an important factor in this case.
Maybe there will be a Solid-Fair-Copy standardized clause, which will allow storage of personal data on other servers but requires the company to have a “Forget me” endpoint which could automatically be invoked on revoking access. So when I stop sharing my health information, they are legally bound to delete my data.

While the GDPR provides similar rights already, Solid could make it much more user-friendly to make use of these rights. Every data processor could describe with linked data in their profile how users can opt out of the processing. This could allow automatic opt-outs with a good UI.

On a more social note, Solid makes the act of sharing data much more transparent, which also raises the awareness of the users. My guess is that this, in turn, will lead to higher expectations on privacy and therefore better privacy policies by companies. That could lead companies to adopt standardized “Solid-Fair-Copy” statements or opt-out procedures.

And I also want to mention that in many cases the app could work without sending any data to other servers than the Pod. So when running the app, it only communicates between your device and the Pod provider. For instance, an open source application hosted on GitHub Pages could use my health data to warn me if something looks odd and tell me that I should go to a doctor with this. No requests to other servers would be needed for this app, and transparency and trust would be given as it is open source and publicly hosted.

5 Likes
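The mechanism sketched in the post (a processor declares a “Forget me” endpoint in its profile, and revoking access invokes it automatically) can be simulated end to end. The following is an added example, not code from the original post and not part of any Solid specification; the `forgetMeEndpoint` predicate, the `Pod` and `Processor` classes, and the in-memory endpoint registry are all hypothetical constructions so that it runs offline. It also covers the two failure modes a user interface would have to surface: a processor that declares no endpoint (falls back to a manual erasure request) and one whose declared endpoint is unreachable.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

# Hypothetical predicate for this example only; not an existing Solid/W3C term.
FORGET_ME = "https://example.org/solid-fair-copy#forgetMeEndpoint"


@dataclass
class Processor:
    """A data processor: its profile (linked data, modelled as a dict of
    predicate -> object) and the copies of user data it holds, keyed by WebID."""
    webid: str
    profile: Dict[str, str]
    copies: Dict[str, str] = field(default_factory=dict)

    def forget_me(self, user_webid: str) -> bool:
        """Handler behind the declared endpoint: delete every copy for this user.
        Returns True if something was actually deleted."""
        return self.copies.pop(user_webid, None) is not None


@dataclass
class Revocation:
    """Outcome of one revocation, suitable for showing in an opt-out UI."""
    resource: str
    processor: str
    forget_me_called: bool
    deleted: bool
    note: str


class Pod:
    """Minimal Pod model: an owner and a grant table (resource -> processors)."""

    def __init__(self, owner_webid: str):
        self.owner = owner_webid
        self.grants: Dict[str, Set[str]] = {}

    def grant(self, resource: str, processor: Processor, payload: str) -> None:
        self.grants.setdefault(resource, set()).add(processor.webid)
        # As the post notes, once the processor can read the data it can copy it.
        processor.copies[self.owner] = payload

    def revoke(self, resource: str, processor: Processor,
               endpoints: Dict[str, Callable[[str], bool]]) -> Revocation:
        """Remove the grant, then try the processor's declared endpoint.
        `endpoints` maps endpoint URL -> handler (stands in for an HTTP call)."""
        self.grants.get(resource, set()).discard(processor.webid)
        url = processor.profile.get(FORGET_ME)
        if url is None:
            return Revocation(resource, processor.webid, False, False,
                              "no forget-me endpoint declared; manual erasure request needed")
        handler = endpoints.get(url)
        if handler is None:
            return Revocation(resource, processor.webid, True, False,
                              "endpoint declared but unreachable")
        deleted = handler(self.owner)
        return Revocation(resource, processor.webid, True, deleted,
                          "ok" if deleted else "endpoint reported nothing to delete")


def demo() -> Dict[str, Revocation]:
    """Constructed scenario: three processors, one health resource, three revocations."""
    pod = Pod("https://alice.example/profile/card#me")
    good = Processor("https://clinic.example/#org",
                     {FORGET_ME: "https://clinic.example/forget-me"})
    silent = Processor("https://adtech.example/#org", {})
    broken = Processor("https://gone.example/#org",
                       {FORGET_ME: "https://gone.example/forget-me"})
    # Registry of reachable endpoints; the broken processor's URL is absent.
    endpoints = {"https://clinic.example/forget-me": good.forget_me}

    health = "/health/readings.ttl"
    for p in (good, silent, broken):
        pod.grant(health, p, "constructed health data")

    return {
        "good": pod.revoke(health, good, endpoints),
        "silent": pod.revoke(health, silent, endpoints),
        "broken": pod.revoke(health, broken, endpoints),
        # Calling again: grant is already gone and the copy already deleted.
        "good_again": pod.revoke(health, good, endpoints),
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:10} called={r.forget_me_called} deleted={r.deleted} {r.note}")
```

The point of separating `forget_me_called` from `deleted` is that revoking the grant in the Pod is the only step the user actually controls; whether the copy disappears depends on the processor honouring its declared endpoint, which is exactly the part the post argues has to be backed by a binding clause rather than by technology.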