Big/Sensitive choice arguments. Is data deduplicated?

Suppose that we have a template that stores big and/or sensitive data on the ledger:

template BigData
  with
    owner : Party
    data_ : Text
    dataKey : Text
  where
    signatory owner
    key (owner, dataKey) : (Party, Text)
    maintainer key._1

But this template needs to have a dataKey field that is “validated” via an operator functionality:

template Creator
  with
    owner : Party
  where
    signatory owner

    controller owner can
      CreateBigData : ContractId BigData
        with
          data_ : Text
        do
          dataKey <- undefined data_
          create BigData with ..

1. Is data_ stored on the ledger twice (instance of BigData and argument to CreateBigData) ? More generally, are choice arguments persisted on the ledger?
2. What are the permissions of that choice? Can any new participant to the ledger see that owner submitted data_ ?

Hi @Leonid_Rozenberg,

1. Choice arguments are definitely persisted on the ledger. You can get them out of the transaction tree service on the ledger API. In general, they are not deduplicated so they will be stored twice. You could imagine ledgers doing some form of compression but I’m not aware of any ledger that does this at the moment.
2. You can find that information in the ledger model section on privacy.

a party p is an informee of an action A if one of the following holds:

• A is a consuming Exercise on a contract c, and p is a stakeholder of c or an actor on A. Note that a Daml “flexible controller” can be an exercise actor without being a contract stakeholder.

A stakeholder is a signatory or an observer of the contract.

A is a non-consuming Exercise on a contract c, and p is a signatory of c or an actor on A.

So for non-consuming choices, observers won’t see the exercise.