Not really, because the whole thing is misleading from the start.
The sender gets to unilaterally decide if the recipient’s data is shared with Google. The recipient is neither asked for permission up front nor offered the opportunity after the fact to have their associated data removed from Google’s servers. Now, stop and read that again.
For example, when you send a passcode-protected email to a non-Google user, you’ve just allowed the company to link that phone number to that email address, as well as whatever sensitive information is in your message. There is no mechanism whereby the recipient may decline having their phone number associated with their email, neither is there a restriction permitting this feature to be used only for recipients already registered with Gmail.
This is a clever way for Google to gather information on people who’ve likely refused to use their service to avoid just such data collection—all under the ruse of 2FA.
Offering “protection” like this at the expense of another’s privacy isn’t really about protection at all. This is an invasion of privacy for the sake of data mining.