From a data modelling point of view it's a challenge to wipe the user data, since it will affect the social graph. And there are different strategies to handle corner cases (e.g. how to deal with reactions/replies on "deleted" comments, or with reactions on your photos, or your reactions on different news: mark as deleted and wipe the content, or completely remove the nested graph). And it actually makes user tracking much harder (please keep in mind, they're tracking users that have not registered yet; in that case the user profile might be converted from one user type to another if they are going to continue to track you (why didn't want that?)).
Exactly... I regularly see arguments about how technical compliance with laws or user wishes as 'it's hard', as if 'hard' is a counterargument to compliance...
Facebook collects way more data than what you choose to publish. Not to mention, if you want to delete something, Facebook should delete it. Whether other third parties archive it is beyond scope.
It might be much easier to extend the account entity with something like:
- is_deleted (boolean)
- deleted_time (utctime)
- is_suing_us (boolean)
- legal_case_id ...