
I assume if I can log into my account and read old messages they are stored in a way that can be considered 'personal data'. For example, if they store my username and IP address with the messages then that is PII. Or even if they store a hash, if that can be traced back to 'me' then that would be PII.

As for messages, how can one know if each and every message may or may not contain PII? Or an attachment? You can't, which is why the best approach is a cautious one:

Delete all data from inactive accounts after 2 years, or even earlier to limit liability. The GDPR dictates you only store that which is strictly required; messages from 10+ years ago from accounts that have not logged in for years have no right or necessity in being there.



The deletion would be removing your user data but not past messages, like how current deletion works. Past messages get a new user ID shared amongst all deleted messages globally - 456226577798135808 - but attachments and content stay.



