The only super useful version of this idea is a privacy law that requires services that collect data to offer a “facebook.delete” link to temporarily and permanently remove personal data.
I'm not keen on legally mandating the use of a particular domain extension, unless that extension is managed by a non-profit. Some of the newly-added TLDs have exorbitant annual fees, and if businesses were legally required to use them they could charge whatever they pleased.
Plus, you'd have a collision problem. What if one company has foobar.com and another has foobar.net, and they both collect data? (Imagine they're in completely different industries and the term itself is fairly generic, so there's no possibility of a trademark dispute.) They can't both get the ".delete" version of their second-level label.
You'd have to create the real TLDs as SLDs on .delete, and then the way to make a .delete domain would simply be to append .delete to the existing FQDN.
So you'd thus have foobar.com.delete and foobar.net.delete, no collisions.
facebook.com/.well-known/delete would be a better endpoint. .well-known is already standardized, facebook.com/.well-known/change-password is already implemented, and you have proof you’re dealing with the right party.
A lot of those hoops are an important security measure though. Imagine if someone else could quickly and easily delete your account if they managed to steal your password.
Many services don't even allow you to delete your account, just to disable it and have it hang around in their database as long as they want. That's a blatant violation of privacy.
no, most of the hoops are a dark pattern to discourage you not to delete and/or trick you into incomplete deletion.
presumably a .delete domain wouldn't be "quick and easy", you'd still have to authenticate and perhaps verify intent via OOB method. however, the link to the action would be well known and obvious, instead of having to dig dig dig around a website.
