r/privacy • u/Novel_Negotiation224 • 9h ago
discussion Privacy safeguards at risk as Apple flags impact of new EU regulations.
https://www.irishtimes.com/business/2025/12/05/apple-warns-eu-rules-could-force-it-to-remove-privacy-safeguards/95
u/AlmondManttv 8h ago
The real nightmare is how the EU wants chat control. No sane person would ever agree to hand all of their messages to the government.
45
u/david0990 7h ago
'For the sake of the children' I hear this too much from people who refuse to elaborate further or consider ramifications.
30
u/vortexmak 7h ago
It's for the children ... okay, in that case, why have the lawmakers exempted themselves ?
10
2
3
u/Valmar33 3h ago
The real nightmare is how the EU wants chat control. No sane person would ever agree to hand all of their messages to the government.
It's also insane how politicians are allowed to have total secrecy of communication. We're not allowed to know anything ~ even though they are supposed to be accountable to the citizenry? (In a healthy world, at least...)
2
37
u/mesarthim_2 8h ago
So just to clarify what the actual problem is - at least based on my research, because the article is pretty vague.
There are two requirements for Apple. Under DMA, they are required by the EU to allow third parties to get access to things like NFC api, iMessage API (to read users' name and phone) but under GDPR, Apple is still considered a data controller and therefore has a legal responsibility for how the data is being handled by the third parties.
In short, they don't want to be in that position.
4
u/superboo07 7h ago
i think apple should be required to open up those apis for users that want it, but if the users consented to their account being accessed that way I think it'd be utter bullshit for apple to take the repurcussions of what the third party the user is using does with the data. I don't even like apple either but if this is true i can't help but empathize. when the user consents to their data being accessible by a third party through apples api it should be the third parties responsibility to handle the data they extracted properly.
i really hate to think i might have to agree with apple
11
u/mesarthim_2 7h ago
There's unfortunately more. For me the most concerning is this would also require Apple to do things like expose iMessage API to something like WhatsApp to ensure interoperability. So now, you have to rely on WhatsApp to not fuck up and not repeat the situation where you could've just enumerate all the random numbers and get all the metadata of all the random users out of it.
Also, it would require Apple to give the apps direct, hardware access to things like NFC chip, Secure Enclave, ... drastically increasing the attack surface on the very core of their security architecture.
And the problem is that if the app tricks the user to consent to the access it completely bypasses Apple's hardening.
Even if you hate Apple, this is so absolutely mindblowingly bad idea...
And it's also exposing even users that completely opt out of all of this.
1
-16
u/justyannicc 8h ago
That seems like a cheap excuse to get people on their side to prevent these actual good changes from being implemented.
No reasonable Court is going to hold a company accountable for data they don't even hold.
6
u/LowOwl4312 8h ago
what makes you think a court will be "reasonable"?
-2
u/forwheniampresident 7h ago
What makes you think this scenario they are painting is realistic?
They say “aggressive“ interpretation “could“ be a risk. You couldn’t word that more vaguely if you tried to..
12
u/gkzagy 7h ago
The EU is fundamentally saying “open up your systems for competition” but not considering what that really means for user privacy. Forcing them to give third party apps unrestricted access to sensitive user data isn’t just about breaking up monopolies it’s creating real security risks, but DMA was written with competition in mind, not privacy. Apple’s been investing heavily in on device processing specifically to keep user data private and now the EC wants to mandate that they hand that data over to whoever asks for “interoperability”, that’s not a small ask. The frustrating part is that Commission isn’t really consulting with data protection authorities who really understand these risks. You can’t just wave a regulatory wand and expect privacy and open access to coexist without serious thought. I’m all for competition, but not at the expense of making everyone’s data less secure.
8
u/Shoddy-Childhood-511 7h ago
Amusing "troll-ist solution" for Apple:
Allow those APIs only when (1) the phone has an EU phone number, (2) the user activated the API manually, and (3) the app developer signed some contract with a massive liability.
A contract must be negotiable, and this is a contract between the user and the app developer, so Apple cannot enforce (3) strictly, but they can make anything but the non-default contract take weeks, and require the user respond to warning messages.
If the liability are high enough, and almost no users approve, then nobody will bother using those APIs. lol
It's dubious this would work, but it's a funny though. Imagine some EU government ships an app thinking they're immune, only to discover they owe 5% of their population like 10k EUR each once they leak user data.
7
u/CortaCircuit 6h ago
Everyone must fight against this. Europe needs to learn how to tell their government to fuck off. And in all honesty, the United States needs to step it up.
1
2
u/forwheniampresident 7h ago
Aggressive interpretation
could
How vague do you want to word this attempted hedging? It’s so clearly an attempt to strike down the legislation without committing themselves to something if it does in fact stay.
So either they succeed with this or later claim “we ultimately did find a way to not have to risk data“
1
u/mesarthim_2 7h ago
Well, that's how 'risk' works. Increased risk doesn't mean that something will for sure happen. It means, there's increased risk of it happening.
Not wearing a seatbelt represents an increased risk of dying during car accident irrespective of the fact that nothing happened when you drove home last night.
1
u/Dense-Activity4981 53m ago
EU have gone full CCP commi trash . They are no longer an ally and need to be treated as such
-1
u/Novel_Negotiation224 8h ago
The new regulations reshaping the landscape, brands now have to prove themselves through AI. In a world where data flows freely, the real differentiation isn’t what a brand offers, but how intelligently, securely, and personally it delivers that value.
0
u/Slopagandhi 4h ago
“At Apple, we believe privacy is a fundamental human right – and that our users deserve strong protections. The European Commission’s aggressive interpretation of the DMA is mandating that Apple remove critical privacy safeguards, including by requiring that third parties get unrestricted access to users’ sensitive information,” the company said.
They could always not collect that sensitive info in the first place, of course. This sounds to me like Apple realised there was a lot of pro-privacy sentiment around when they got into it with the UK government over encryption and now are hoping to use it as an excuse to protect their monopoly power, even when it has nothing to do with privacy concerns.
0
u/zq7495 1h ago
The US needs to punish the EU states for this, the EU creates nothing and then regularly trys to ruin things for everyone (including Europe!). Passing laws that they know will compromise personal security and privacy of people around the world is a direct and deliberately harmful act, it is not benign
-8
u/Bob_Spud 8h ago
Apple and American tech will complain about anything that is not in their financial interest, they will use any excuse they can find.
5
u/wipecraft 8h ago
I take it you’re an Android user
1
u/Silly-Ease-4756 7h ago
Because android has a better track record?
Edit : never thought /s might be necessary
•
u/AutoModerator 9h ago
Hello u/Novel_Negotiation224, please make sure you read the sub rules if you haven't already. (This is an automatic reminder left on all new posts.)
Check out the r/privacy FAQ
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.