> There is one class of data that you have to delete - and that's personal data that the user doesn't want you to hold any more. There may be local laws (e.g. in the EU) that makes this a mandatory requirement (thanks Gavin)
This is exactly the type of data we're discussing here. So no, contradicting the user's expectation when handling personal data is not a "best practice".