We use Owncloud Community edition in a small office environment, where we also retain strict Chinese walls. We cater for this use by having a single Server Admin User who shares new project folders to the specific project team members - all project-specific content is then created in that folder, with access limited to the project team.
When projects end, the server admin does not cancel shares, as staff at times need to refer back to old work. However, this is suboptimal from a DLP perspective, as client sensitive (old) data is sitting on a whole lot of laptops (never mind that it also clogs up SSL drive space)
It'd be great if the sharer of a folder/document could also set a flag to determine whether a folder/document is available for client sharing or not. In effect, new / ongoing projects would allow for client sharing (and also accessible via the web interface), all old projects would only be available for web checking (and deleted off the client machines when the flag is set).
The application here is different to what is currently available that allows users to selectively sync, and switches that power to the folder/document admin.