First I want to say that while we decided to open up these end points to allow the open source community to build upon them it was never our intention to support this feature as edX’s GDPR requirements may not be the same as other organizations.
Having said that let me point you to a few things. The emails are not kept, but what is kept an asymetric hash of that users login to prevent a user from re-registering with the same email. Also if you are only running the Open edX application the retirement process isn’t being fully completed anyway. You also need to run these jenkins retirement jobs that do the actual work of removing the data: https://github.com/edx/jenkins-job-dsl/tree/master/platform/jobs. (look for the jobs that start with Retirement*).
My suggestion to you if you don’t want or like the feature of not allowing re-registration of an account using an existing email address, remove that block of code. That said please note again that if you are not configured and running the jenkins jobs above the users data is not actually removed. The reason this is put in to place is to ensure that an account can’t be re-created during the cool off period between when a user requests retirement and when that retirement is executed.
Another option would be to submit a PR with a new API endpoint that would remove this hashed email once the retirement is complete then add it as a step in the jenkins job to call that end point at the end of it’s process.