[curryhowardiso]

This is actually a great technical and legal question. And it depends a lot on the type of service you have, and which jurisdiction's law governs you and your service provider.

On the one hand, we have the EU's "right to be forgotten" actions against Google, which seem to be gaining ground and are essentially bona fide in their protection of the consumer/society, in the sense that it might be a good idea for other jurisdictions to adopt it as well.

But consider the EU (and worldwide) regulation of banking and transactional accounts. Particularly the prohibitions on money laundering and counter-terrorism funding (AML/CTF laws). You're not allowed to open and close a bunch of bank accounts, which means that you don't really have a "right to be forgotten" in this sense either. Nor, if you are not a "legit" user, should you be.

From a technical standpoint, how do you detect the law abiding citizens that want to close (in the sense of permanently deleting records) their account(s) from the malfeasant actors that want to launder money or fund terrorism by holding many accounts over time in order to obfuscate their transaction patterns.

It's an interesting question that the law -- and to a certain extent, the people -- have not yet got a good answer

[DanBC]

RtbF is possibly not relevant here. More important would be the EU regulations on data protections. These say that companies must explain what data they're gathering and why they gather it; and that companies can only gather what they need; and only keep it for as long as they need; and that it must be accurate; and that customers have a right to see the data and to have corrections made.

But even the EU has exemptions and complications around data that's used to prevent crime.

[throwaway199128]

Google retaliates though by putting the reasons for removal on "chillingeffects.org". Chilling indeed that a company has no respect for privacy.