I mean... There are a zillion reasons this isn't trivial. Imagine I have an app that pays you, and it has to report taxes on it. It can't just delete your info. Imagine an app that sells alcohol, maybe it needs to make sure it has confirmation of your age/info in case of legal action. Imagine a chat application, if you chatted with someone and they deleted their account, would you lose the chat information (or even the name/record of who you chatted with?), no, that's 'your' information too, somehow.

A solution I use for this is to keep 2 sets of data, one operational for the application and one for legal/financial requirements.

When an action such as a payment is taken, or the customer provides certain info that needs to be kept for legal purposes, two records are created. The former can be deleted at will by the user, the latter is completely separate and is kept for as long as needed to comply with laws/regulations.

Didn't say it was trivial. But that's what users expect: a reasonable right to data privacy.

The right to be forgotten is just that - the right to be forgotten. Your issues or needs, whatever they may be (tax info retention, age info retention, etc), take a backseat to the user's rights.

In other words: if there is overlap, the right of one person's data to be forgotten supersedes the right of the other person's data to be remembered.

You should try that logic out come tax day, see how that goes.

I know you wrote this 8 days ago and I dunno if you'll even see my response but deleted has always been a vague term. There are a ton of reasons not to hard-delete data before you arrive at data mining. I know a lot of concerns regarding GDPR and data mining would contend for the hard delete, but a couple people gave you good examples. I just wanted to share one I am looking at right now. Our users have the ability to perform an action over a large set of their own data. Sometimes they do things like deleting relations they didn't realize would have a larger impact. Luckily the code in question doesn't hard-delete the entities, because I just got a ticket today asking if a huge list of IDs could be restored.

I think looking at deletion as the solution to privacy concerns is the wrong way to go about it. Really, the problem is app developers think, "possession is 9/10ths of the law" when it comes to data, when in reality their relationship with the user never captured use of that data for purposes not related to the application. Just because you give your data to the bank when you make an account doesn't mean you consent to them selling it on the dark web. The same concept applies but it is much harder to police and you can even say you're going to misuse the data in the EULAs that nobody reads. In my opinion using user data for purposes unrelated to the application should straight up require explicit consent from every user, lest the seller and recipient be subjected to a fine.

One thing that is confusing about the concept of "deleted" is how do you minimize fraud on a social platform without retaining PII (indefinitely?) of your users.

If there is a known fraudster and you have their selfie image, email address, and ML face vectors, the fraudster requests their account to be deleted. What should the company delete? Maybe the company can keep a one-way hashed email and face vectors, but what about hash-collisions or false positives?

If there is a user that wants their account deleted, but then they come back to the platform (maybe abusing a referral bonus or first-time-only coupon), how do you stop this fraud?