My central concern is there is a trade off to be made between keeping the data in place and building a capability to actually read/index the actual personal data. My opinion many times is that not having the technical capability to read that data is often a better privacy control in practice than building it to delete data and hoping it doesn’t get repurposed.
You've just almost literally said "yup, we should continue ingesting whatever data, it's totally fine" instead of "yes, we should upgrade our systems not to send and not to receive/store that data"
My central concern is there is a trade off to be made between keeping the data in place and building a capability to actually read/index the actual personal data. My opinion many times is that not having the technical capability to read that data is often a better privacy control in practice than building it to delete data and hoping it doesn’t get repurposed.
That seems to be a minority opinion here.