Hacker News new | past | comments | ask | show | jobs | submit
aeontech | on: Apple decided not to roll out Siri in EU after denied request for exemption
Lemma 1: you want to protect your users privacy, and are also beholden to regulation enforcing that commitment (GDPR).

Lemma 2: you are obliged by other regulation to offer equal access to user data to third parties, so others can build equivalent functionality (DMA).

Lemma 3: malicious third parties will absolutely try to abuse the access and trick the user into sharing their data by all means possible. You will be held responsible in court of public opinion at minimum and legally at maximum if/when a malicious third party abuses said access.

This is a hard, possibly technically unsolvable problem no matter how much money you might have, because the root issue is not technical, it's the fact that you legally have to give third parties access and no way to control what they do with it - and as others have mentioned in the threads, it's exacerbated by the fact that the regulation doesn't say "this is okay and this is not", it is vague and judges things "by outcome", so you may spend all the time in the world implementing a solution you think will work, and then get hit by fines/lawsuits because the implementation is judged as not sufficient after the fact.

necovek | parent | next
I am not sure this is as much of a tension as you make it sound: where is the obligation that a marketplace administrator will be blamed for any and all breaches of data privacy trust from a participating (likely malicious) third party?

According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).

So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.

macintux | root | parent | next
Apple certainly is held responsible for such breaches by the public. And, believe it or not, I think they feel responsible for protecting their users.
MBCook | root | parent
But this isn’t a normal app. Apple is the one handing over all the data to the AI service.

Couldn’t someone argue that they “knowingly participated“? Do you think they want that risk?

microtonal | root | parent
Like they now hand over all your contacts, your location, calendar entries, microphone access, camera access. If you choose to do so.

Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.

nomel | root | parent
This is clearly very different from usual permissions and access.

This would be unprecedented access to user data, enabling the most complete user profiling ever.

Ad companies, like Meta and Google, are going to spend huge amounts of money getting agents ready, because there will be a ridiculous amount of money behind all the data they're going slurp up, and the profiles they'll build for you.

Unless, Apple can figure out how to keep the leaches, that have consistently proven to be so, with court cases for receipts, at bay.

yungookim | parent
This is the smartest summary in the post