1. Completely ephemeral - check id - no data saved. No real issues.

2. Legally require an audit check - any data that is stored cannot be unstored later, for example age checks to get alcohol.

3. Continuing - say with a pharmacy and controlled substances. The user permits their info to be stored and so has the right to deactivate the record to prevent reuse. Probably cannot insist on destruction of audit data ever.

The current idea of consent being withdrawn doesn't meet any of these well and needs brought into line with reality.