Ability to trigger retraction of unconsented, submitted data set

[malloryfreeberg]

As an HCA-DCP wrangler, I want to be able to trigger retraction of a previously submitted data set in response to being notified that the data are not consented.

Replaces HCA-1162

[justincc]

We've never done this yet.

In principle, this doesn't need to be deleted (though it could be) but has to be unavailable to end users. This needs to occur in both the datastore, ingest and anywhere else where the data is held. Seth and Mike Cherry at the DCP said they always flag this, never delete.

This is rare circumstance and the wranglers will always perform this. It has to be done very quickly, so there needs to be some kind of technical mechanism.

[lauraclarke]

It is worth noting there are two set of circumstances where actual deletion is required. The first is if a submitter says the data wasn't openly consented and should not have been submitted. That data must be deleted as we should never have had it.

The second will be if someone requests data to be deleted under GDPR (not sure what if any process for this exists as of yet) here again we will have a legal obligation to delete rather than hide.

The UUIDs will probably need to remain with some sort of flag but the data (and most of the metadata) will need to be actually deleted rather than just hidden.