[zepto]

As far as I understand it, IAP doesn’t give the app vendor the customer’s personal data.

This is in fact a chief complaint people raise against being forced to use IAP.

Apple is the one holding the customer data, and does provide the customer with a right to be forgotten.

I’m open to the possibility that there is a technical detail I’m overlooking here, but I can’t see the issue.

What’s wrong with just saying: ‘We’ve deleted all the data we have on you. Remember to cancel your subscription in the App Store.’

Where is the legal issue?