You could postpone the deletion (yet mark them as deleted accounts) and let the user know that their content will be removed forever in X days. Not sure how well this works with the GDPR thingy, though.
True, Kind of like a countdown to doomsday. But yeah, I'll definitely look into this as an alternative that would work for everyone if it's GDPR compliant. Thanks for the idea!
Well, their stance isn't just morally bankrupt, it's also illegal in the EU since the introduction of GDPR (EDIT: actually possibly before that too), so if they ever want to deal with EU citizens they better implement account deletion.
Not only are you are well within your moral rights to raise this issue, if you consider this a security risk, which I do, you might even be legally required to do so (though I have no idea about US law in this respect).
From a more personal perspective, I've mostly had bad experiences with companies' reaction when they are pointed out their legal and moral responsibilities. So you might want to consider how this will affect your future career.
This is very true! I forgot to mention it at the time, but I'll be sure to bring it up next call- I'm not finished with them yet! ;) I don't want to be the developer trying to make executive/managerial decisions and overstep my role, but that would also mean more work for me cause then we'd have to block access to certain regions just to ultimately undo it when they come to the same realization.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.