This is true, and in practice the solution frequently ends up being a combination of soft deletion and audit logs.
Just pointing out that in some common cases, the goals of consumer data control are impossible to implement, due to conflicting requirements for record retention.
Just pointing out that in some common cases, the goals of consumer data control are impossible to implement, due to conflicting requirements for record retention.