It is possible to turn on data transfer protocol encryption without enabling Kerberos authentication. We have a test suite in the Hadoop codebase named TestEncryptedTransfer that configures data transfer encryption, but not Kerberos, and those tests are passing.
The hadoop.rpc.protection setting is unrelated to data transfer protocol. Instead, it controls the SASL quality of protection for the RPC connections used by many Hadoop client/server interactions. This won't really be active unless Kerberos authentication is enabled though.
Please note that even though it's possible to enable data transfer protocol encryption without using Kerberos authentication in the cluster, the benefit of that is questionable in a production deployment. Without Kerberos authentication, it's very easy for an unauthenticated user to spoof another user and access their HDFS files. Whether or not the data is encrypted in transit becomes irrelevant at that point.