[nobody9999]

>They don't even have to pretend to delete your account, they can actually delete it. But through some linguistic slight-of-hand (i.e., lying) they obscure the fact that your account is not all the data they have on you. Your "account", in a strict sense might just be your username and password. It happens to also be associated with the entire pile of data that is a profile. Once a user no longer has an account, it's what you call a "shadow profile".

A likely scenario. Although I'd say that removing a userid and password from their auth db doesn't qualify as "deleting" an account. Rather, that's disabling an account. And IIUC (I'm not in the EU and not familiar with all the details) the GDPR/EU privacy folks would likely agree with that assessment too.

Perhaps someone with more knowledge of the GDPR could weigh in on what sorts of fines could be levied against Facebook for pulling a stunt like that on European citizens?

Edit: Levied is a more accurate term than "leveled".