It would be easy enough for the person running a key server to implement removal of an e-mail address (and all data linked to that e-mail address) by anyone who can read e-mail sent to that address: enter your e-mail address here, then click on the link in the message that you will receive shortly. There's a risk that someone could get the data deleted by impersonating the owner of the e-mail address, but how often might that happen and how bad would it be when it does happen?
Is there also a problem of servers propagating data to each other so that data can never be completely removed? There are other reasons besides GDPR why systems should not operate in that way. You've also got defamation, copyright, child abuse images, official secrets and various other things to worry about.
Biting the hand that feeds IT
