The originating authority MUST keep record of the parties to which it released data. The concerned user SHOULD be able to query this record using the self service interface. The records need to be kept in the minimum for the duration specified by trust network, but in no case for less than 6 hours.
When a data user SP requests data, it SHOULD also create a subscription to receive rectifications to the data. The Originating Authority's records MUST show if the requester created subscription, i.e. whether it is possible to propagate rectifications to it. The Originating Authority MAY refuse data requests, or attach short data retention obligations to the requests, from SPs that do not create subscription to receive rectifications.
When user rectifies or deletes data the authority MUST check its records for SPs that have received the data and by virtue of emitted data retention obligations MAY still have copies of the data. If such party has subscribed to the changes, the authority MUST propagate the data, unless user has given explicit instructions to the contrary.
Soliciting user's instructions on this matter is OPTIONAL. If the receiving party has not subscribed for the updates, and the user has not instructed to withhold propagation, the authority MUST log to audit bus a notice of inability to propagate change. The Dashboard will pick up these notices and allow the user to see them so that the user is aware of incomplete propagation.
When propagating rectifications, the receiving party MUST further propagate, if it has given data to any further parties.