"Also from a legal POV you can't really argue that collecting all conversations for detecting abuse patterns is "unreasonable"/"unnecessary" or similar"

It is also worth remembering that the entity that you are explaining this GDPR retention reasoning to is the government. I don't see the EU telling Anthropic or another AI company they can't do this for safety reasons... what I see is future legislation requiring them to give the EU access to these logs so they can enforce they own definitions of safety on it.