I have started to send GDPR art. 17 data deletion requests to some companies using https://yourdigitalrights.org/ . Mostly, to avoid my e-mail leaking in a data breach. However, the template contains a line stating:

Please note that I do not consent to any personal data which is part of this request to be used for any purpose other than fulfilling this request, except in the case of a suppression list, which you may keep in order to ensure that you do not collect any of my personal data in the future.

This means that my e-mail address is still stored (from what I can find sometimes hashed, sometimes in plaintext) in their database. As far as I can find, they are not required to delete it from the suppression list if I ask, but still; isn’t it extremely counter-productive to explicitly state that it’s okay for them to store it in a suppression list (where it can still leak)? Is there any downside to stating in the request that I wish for it to be deleted from there as well?