One big reason I can think of that would make one want a permanent data purge feature is that the data is not on their premises but on the service provider's. I think GDPR might even require such a feature under a similar rationale.
So maybe a better formulation would be to force the user to transfer out a copy of their data before allowing deletion? That way, the service provider could well and truly wash their hands of this issue.
Forcing an export is an interesting idea. But, like, from the article it sounds like almost anything would be a better flow. It didn't even warn that any data would be deleted at all.
One further refinement I can think of is bundling in a deletion code with the export archive, e.g. a UUID. Then they could ask the user to put that code into a confirmation box, thereby "guaranteeing" the user did indeed download the whole thing and that the service provider is free to nuke it.
Wouldn't really be a guarantee in technical actuality, but one really needs to go out of their way to violate it. I guess this does make me a baddie insofar as this is probably how "theaters" are born, rituals that do not / cannot actually carry the certainty they bolster in their effect, just an empirical one if that.
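The deletion-code flow proposed above, sketched as an added example that is not part of any comment in this thread: the function names, the in-memory store and the 24-hour validity window are assumptions. A correct code shows only that the archive was opened, not that a copy was kept, which is the limit the comment itself concedes.

```python
import hashlib, hmac, io, time, uuid, zipfile

CODE_TTL_SECONDS = 24 * 3600   # assumed validity window for a deletion code
_pending = {}                  # account_id -> (sha256(code), expiry); stand-in for a DB table

def build_export(account_id, files, now=None):
    """Return ZIP bytes holding the user's files plus a one-time deletion code."""
    now = time.time() if now is None else now
    code = str(uuid.uuid4())   # uuid4 is drawn from the OS CSPRNG
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr("DELETION_CODE.txt", code)
    # Store only a hash, so a leaked table does not yield usable codes.
    digest = hashlib.sha256(code.encode()).digest()
    _pending[account_id] = (digest, now + CODE_TTL_SECONDS)
    return buf.getvalue()

def read_code(archive):
    """What the user does by hand: open the export and read the code."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.read("DELETION_CODE.txt").decode()

def confirm_deletion(account_id, submitted, now=None):
    """True only for the unexpired code issued with this account's latest export."""
    now = time.time() if now is None else now
    entry = _pending.get(account_id)
    if entry is None:
        return False
    digest, expiry = entry
    if now > expiry:
        del _pending[account_id]   # expired: a fresh export is required
        return False
    candidate = hashlib.sha256(submitted.strip().encode()).digest()
    if not hmac.compare_digest(digest, candidate):
        return False
    del _pending[account_id]       # single use; the caller may now purge the data
    return True

if __name__ == "__main__":
    # Constructed sample account and file contents.
    archive = build_export("acct-1", {"notes.txt": b"hello"})
    print(confirm_deletion("acct-1", "not-the-code"))      # False
    print(confirm_deletion("acct-1", read_code(archive)))  # True
```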