There can be a legitimate need to validate requests, for example let's assume I don't like you and email the HN mods pretending to be you and asking to delete "my" account.
I agree when it comes to bullshit like advertising/marketing where fraudulent requests cause no harm to the real data subject.
I agree when it comes to bullshit like advertising/marketing where fraudulent requests cause no harm to the real data subject.