When ID x opts-out, the Subject Request API needs to include all historical merges for that ID.

Use Case:

GDPR/CCPA liable Customer downloads ID 1. 5 months go by. ID 1 merges into ID 6. Customer does not pick up the merge because their use case does not need the Changelog.

Then the profile owner opts out.

The SR API now yields ID 6, but not ID 1, so the GDPR customer, who checks the SR API weekly, misses the optout and is liable.