Re: "opt-out was probably the best choice"
if the data is aggregated with many other people and the original collections are deleted, that's pretty safe, but requires trusting that the original data records are actually being deleted.
Exactly. Trusting is naive. Developers tend to disable data/log deletion when something breaks, then forget to turn it back on again after fixing the problem.
Furthermore, there are always rogue managers/employees/volunteers who feel the rules don't apply to them. If the data is collected, there's a real chance someone will use it for nefarious purposes. Doxxing for dollars, maybe, or for noble social justice causes. "Don't worry, we're only targeting fascists!"