In order to set up Livepatch on Ubuntu 18.04, one needs to have a Ubuntu One account. Clearly this choice has privacy implications, and possibly also security ones (for instance, in theory, Canonical could choose to deploy malicious patches to one specific user only, and this would go undetected to the public).
Is the choice to require users to create an account purely a commercial choice, or is there a technical reason why an online account is needed, or more practical, to deploy these security patches? Is there anything in the Livepatch technology that could not be accomplished using purely .deb repositories?
There's no technical reason. It's purely fiscal. They sell the live patching service, but offer it for free to individuals. This is done to finance further development of Ubuntu. This is permitted under GPL Licenses. Canonical don't have to give anything away for free - but on the other hand they can not stop you from offering a similar service - either for free or in exchange for money.
They offer it for free for individuals, probably partially because it's a service few individuals would pay for - and they limit the number of computers you can live patch.
When it comes to code, you trust Canonical for other code running on your system. This service would allow them to target you specifically, which is interesting, given the width of National Security Letters.