You can fight what is PII in European courts. I'm just saying how things actually work.
When a company deletes you as a user under GDPR, it does not delete your purchase history for example, because it needs to link the transaction that happened, what was sold, for how much, from which merchant etc. Just because you ask to delete your data does not mean everything associated with you is deleted. The merchant for example will still need to see that the item was sold to someone for a given price etc. That data was not just "yours".
Yes, if you mean true anonymization – i.e. not pseudonymization (e.g. replacing names with a pseudonym) or in any other way retaining personal data (internal identifiers, usage patterns or attributes that combined result in a unique enough fingerprint to identify a specific person, etc.)
Why does it need to link the transaction that happened to a specific account? They certainly need to keep inventory records, but it's enough to note that an item was sold without linking that to a specific account.
Are we using different definitions of the term "purchase history"? To me, that means a list of purchases by a single person. You can derive PII from that, so that's a no-no under GDPR. If you just have transaction records but can't group them by customer, then that's (probably) fine.
Also note that sometimes you're legally required to keep PII for a certain amount of time, e.g., invoices with PII for tax reasons. GDPR says that's fine but you have to keep them for no longer than needed.
> Also note that sometimes you're legally required to keep PII for a certain amount of time
I'm not talking about legal reasons. You can keep the data regardless for any purposes as long as you remove the "personally identifiable information".
For example, you will be required to remove their exact address but you can replace that with the general area (eg. post code) as a part of your anonymization.
And it's definitely possible to derive PII from activity data.