As part of the Client Access install on the pc you can take the option to customize, and in there you can select or not select the data transfer option.
A really good article written by Ron Turull explains how to use the registration facility on the iSeries to limit data transfer requests. You can totally block a user or limit them to download to a PC but not upload to the iSeries. It is in two parts and the URLs are listed below.
Part 1: The registration facility helps you tailor your system
Part 2. The registration facility helps you tailor your system