Deleting an email once it has been received could be against the European Data Protection Act (GDPR)?

Webmails and ISPs will probably have to collect consent from the recipient before deleting an email. This can be done in two ways: 
– Gather global consent on the principle of deleting emails that are past their expiration date.
– Requiring an action from the recipient before any email deletion (for example, by having an area in the interface where it says “You have 239 obsolete emails, click here to delete them”)

Spam and abuse

Is it safe to automatically delete spam and phishing attempts? This could prevent the provision of legal evidence.

This can indeed be a problem. In the implementation of the concept, two principles should be taken into account:

  1. An email that has arrived in the spam box is not deleted according to the expiration date, but according to the automatic deletion of spam as usually done. 
  2. In the webmail or email client interface, it must be possible to block the automatic deletion of an email for a specific email or for a sender.