[w3rhn2j34oh5o]

There was no Apple data breached. User endpoints were attacked, using various well crafted exploits against their software. This isn't a GDPR (privacy) issue, no company data was leaked, its end user data from their device. Apple tries to protect your data on their devices, but all software has bugs. Bad guys will try to exploit these bugs to reach their goals.

Google does research into making it hard for attackers to compromise user devices. That is the purpose of PZ team. There are no numbers because nobody has these numbers except for the attacker. I am guessing Google has some ball park numbers based on search traffic or web analytics.

If you want to know if you were affected, you need to ask yourself if powerful adversary wants access to your data, possibly because of civil unrest occurring in their territory; and if you visit strange websites related to this. Only the adversary knows for sure, not Apple, Not Google.

[methodover]

The GDPR doesn’t care where the personal data is stored, I thought. It makes no distinction as far as I can tell between data stored on a web server and data stored on a device. You seem to be making a distinction. Is there a source you could reference?