> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?

Complying with complex privacy laws is surprisingly orthogonal to making a product with good privacy.

In another regulatory area (not privacy, but something more historically regulated) we ran into strange situations where complying with the letter of the law would require us to walk back things that we had done in a better way. The laws are not simple and they're not written by engineers or even people who understand what future product needs look like.

The exemption Apple wanted was not from a privacy law, but from the DMA. They never claimed to have an issue meeting their privacy laws when using their own product, it was other people's products that they said they couldn't guarantee the privacy of.

Here's their argument in their own words: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...

>But Apple's position here is actually really wild: Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws? Didn't they consider that while designing the product?

The DMA isn't a privacy law. In this case, the DMA would appear to require Apple to open up all user data to any AI agent. That removes the ability to provide privacy protections.

You can argue Apple should do that, but you can't in the same breathe argue for privacy.

No, this isn't the claim.

EU wants Apple to open 'Siri AI', with access to a personal context, open to other model/AI providers.

Apple says "We can't do this in a privacy preserving way".

You can definitely question what their true motivations are, but it seems pretty plausible that there is a moral case for this system to not be opened up to other providers who may do a worse job at privacy than Apple (especially when you are Apple and you trust yourself).

I think there is a place in these sorts of ecosystems for privileged players. If you buy an iPhone you implicitly must trust Apple to some degree.

As has been pointed out elsewhere, DMA isn't a privacy regulation. It is simply about competition. You can be in 100% compliance with DMA and poor privacy protections. This is the crux of the problem. How do you preserve the privacy of your customers while complying with regulations where the simplest path is to compromise your customer's privacy?

The issue here isn't EU privacy laws (which Apple has been historically quite good at complying with, by big tech standards); it's EU _competition_ laws.

Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).

Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).

Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.

This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.

> Apple claims to protect user privacy all the time. But they can't offer a product in a major jurisdiction that has actually meaningful privacy laws?

The DMA and the GDPR are laws that at their core make each other more difficult. the stated outcome of the DMA - allowing any vendor/user full access to your device - is not easily supported when solving for privacy.

There’s a difference from being able to protect privacy, and doing so in a way that complies with EU law

Apple is providing a level of privacy far beyond what the laws require. It would be easy if they only wanted to comply with GDPR and DMA.

Protecting user privacy and reducing surface area for litigation against the business can happen simultaneously. Not that it is, but just saying, politics and difficult to define thresholds muddy the waters.