Hi Howard,
The retention period is currently measured from the course end date for the course that an activity is in. For a user it is from the last login time for any user who is no longer enrolled (or has already been deleted).
It would be too dangerous to delete from point of creation.
The data registry's current primary focus is to set the purpose and category of data (and thus the legal bases and retention period). We are looking to provide a read-only report of this data to users See MDL-62551, MDL-62556, and MDL-62557 for more information on the areas we're looking to expand this into.
Thanks,
Andrew