I understand, but the law still distinguishes between the two cases. In my experience, typically expunging is handled by a process separate from its creation (it depends on the logging framework, of course). And with the increasing trend of generated logs being ingested, processed, and stored by separate services, often disabling log deletion is a mere API call away.