Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
How would this be done? Like you mentioned, anyone can run a modified instance of Lemmy that does not honor delete requests.
Delete currently renders posts invisible to most users. Delete should actually delete the post from the server.
It’s impossible to ensure that the post is deleted from federated servers, web caches, clients that cache things, etc…