[eykanal]

Google eng mgr here. I've worked on a few projects related to compliance with various government policies. This isn't "assign a two-pizza team to it, will be done in a quarter"; these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.

Sure, there's a messaging component to this. However, any company that isn't trying to just skirt the law will aim to do this sort of thing correctly, and it's an enormous effort.

[afavour]

To me that reads as an even greater reason not to delay it. If you knew the restrictions day one you’d be able to engineer the system to accommodate them. Waiting until post launch now means a massive amount of re-engineering.

I know it’s not quite as simple as that but I do think it shows Apple are more interested in blaming the EU than reducing the potential issues ahead of time.

[JumpCrisscross]

> If you knew the restrictions day one you’d be able to engineer the system to accommodate them

This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration.

The EU has its laws. Apple has its strategy. The only thing I fault anyone on is the public bickering.

[dylan604]

If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere. The fact they want to make the product available under the "rules" of the least privacy protecting countries first says a lot to me

[tqwhite]

The EU isn't asking for more privacy. This is about interoperability and competition. They don't like Apple controlling the AI interface and want a portal. They want Apple to put a backdoor into their system to allow third parties to access the data. This is insanely difficult to do while maintaining Apple's super-strict (yay!) privacy policy.

[thaumasiotes]

> If Apple is so pro-privacy like they claim, then they'd look for the most strict international privacy laws and abide by them. Then they could feel safe in knowing they could release the product anywhere.

Those are not equivalent statements. You're assuming that privacy is a one-dimensional quantity, so that anything that complies with "the strictest international privacy laws" automatically also complies with any other privacy laws. But this is not actually true. It can easily be the case that every national law allows some set of behavior (different sets for different legal systems), at the same time that the intersection of all those sets is empty.

[1123581321]

DMA is a not a privacy-oriented law.

[MagnumOpus]

But Apple’s excuse not to comply with it is privacy-related.

[JumpCrisscross]

How does that reflect poorly (or positively) on their privacy chops? The dispute is about a competition law, a law Apple is complying with by withholding this feature.

[mr_toad]

They don’t want third parties to be able the access all data on your phone. Do you?

[1123581321]

Yes. There are two values (privacy and competition) that are directly in conflict here.

[rpdillon]

Its because the standard product development strategy is to get the product into the hands of users to determine value and iterate based on feedback.

The EU has rules that are expensive to implement correctly, so if you want early feedback from users, you release elsewhere first. It's a very rational way to approach it.

[JumpCrisscross]

DMA is about competition, not privacy. Apple weren’t requesting a GDPR waiver.

[overfeed]

Apple's concern is at the intersection of DMA and privacy. Apple is worried that other parties having the same level of data access that Apple has today would create privacy issues. This is because Apple's current privacy posture is "Trust Apple with your data" rather than "Trust no one with your data - including Apple", but that would be less profitable, but would have prevented the request for an exception because Apple would be on an equal footing with everyone else, if all they could see was client-encrypted data indistinguishable from random bytes.

[JumpCrisscross]

> Apple is worried that other parties having the same level of access that Apple has today would create privacy issues

But this is solvable. The problem is the work it takes to solve it isn’t worth the hit to time to market. (And possibly even the cost.)

[macintux]

> This is because Apple's current privacy posture is "Trust Apple with your data" rather than "Trust no one with your data - including Apple"

I think that's uncharitable. Apple prefers not to have the data either, hence the preference for on-device processing.

[inetknght]

So Apple doesn't want to compete? Cry me a river.

I could almost feel sympathy if it were something to do with some contract that Apple signed with their AI provider. Who's that, Google?

Ahh, a "competitor"? Yeah... cry me a river.

[sandeepkd]

> This slows down deploying the system globally. Particularly if the target is moving, it may make sense to build lightly so one can pivot, and then build in the compliance stuff after you know you have a winning configuration

This kind of approach is how startups justify everything, however for established companies this would be backward.

I get a feeling that Apple never wanted to do it. They already knew the compliance requirements existed and if they would have wanted to test things then the narrative could have that they are rolling out in other markets first and would roll out with compliance in EU later. Asking for exemption was a bet they tried to play here, they lost and now spinning the narrative.

[jefftk]

Laws and strategy are not fixed, and public bickering is part of how they get optimized.

[lxgr]

Nothing usually gets fixed by making belligerent appeals to emotion in the court of public opinion (which, in the EU, isn't nearly rooting for Apple as much as they might imagine, fwiw). If you want to launch something in a market you know to be heavily regulated, you figure it out or you don't launch. Sure, drop a hint here and there when asked in interviews about your product strategy, but you generally don't pick a public fight with the regulator or legislator in question.

Just imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols delaying the market release of some of their models. Apple really is behaving in a very unusual way here.

And even though I don't like the implication of this (the law should not disadvantage anyone purely for being critical of it), I can't help but wonder how many fewer pages the DMA would be if Apple had engaged with its predecessors in good faith instead.

[JumpCrisscross]

> imagine a European bank publishing a press release about how onerous the US credit card consumer protection laws are, or a Japanese car maker publicly whining about European car safety testing protocols

Both of these happen. European banks complain about American securities law. And all manner of car makers delay releasing vehicles in America and the EU.

[lxgr]

Definitely, but both tone and forum of the complaints are generally pretty different.

[JumpCrisscross]

That’s fair. Apple bickers in the EU and U.S. It doesn’t in China. I have a clear preference for one set of political systems.

[square_usual]

They aren't releasing it in China either.

[seanmcdirmid]

Yet. But they are probably working with Chinese partners (including the government) on releasing something (maybe with Alibaba models instead of Google models, on a Chinese-local cloud rather than google cloud).

[t-sauer]

And they are framing the completely different in that case.

[catlikesshrimp]

As I understood it, you prefer systems with less freedom of speech.

[baq]

Then don’t deploy it for Pete’s sake if you can’t guarantee basic privacy.

[JumpCrisscross]

> don’t deploy it for Pete’s sake if you can’t guarantee basic privacy

This isn’t about privacy. DMA is about interoperability.

[Forgeties79]

I imagine complying with all kinds of laws and regulations slows releases in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct? Do what you have to do to comply with the law and release, as always.

[JumpCrisscross]

> complying with all kinds of laws delays release in some way or another and having none of them would allow people to ship faster, so what makes these EU regulations so distinct?

DMA was designed to be a comprehensive regulatory suite. Lawmakers knew it would be onerous; that’s why it only applies to large companies.

Also, the DMA’s interoperability requirement creates external partners. Let’s face it, Apple’s track record with Siri sucks. If they launch a system and it is crap again, they may not now want an entire ecosystem of folks who will cry foul if they dump the API and start over.

> Do what you have to do to comply with the law and release, as always

Just follow the law. If that means not releasing in a jurisdiction, do that and then don’t tweet snotty things about it. (Siri AI isn’t launching in China, either. I don’t see PMs complaining about that in public.)

[Forgeties79]

No one complains (out loud) about US regulations either. Ultimately it’s about the weight you can throw as well as PR. Probably easier for Apple to make the EU look bad and drag their feet on it. I imagine they’re still not thrilled about the Lightening->USB-C change

[JumpCrisscross]

> No one complains (out loud) about US regulations either

Everyone constantly does!

[stouset]

Apple was literally the first major company to go all-in on USB-C. They shipped entire devices that only had USB-C ports.

If anything, I would wager they were happy about it. They were going to have to do it anyway, and it would inevitably cause friction for users who were already invested in Lightning cables and third-party devices. The EU forcing this just meant they could shift the blame for any negative sentiment onto the EU.

[BrenBarn]

> This slows down deploying the system globally.

Good. Pretty much everything should roll out way slower.

[JumpCrisscross]

So win-win. EU consumers get a fully-baked, slower-rolled-out product. American consumers and developers get to see it earlier, warts and opportunities and all.

[MBCook]

Don’t forget they’re already basically two years behind when they originally promised this stuff.

[alt227]

So whats the issue delaying a few more months for a worldwide release?

The only reason for this is to take a swipe at the EU and try to push some bad opinion on to them from their customers.

[ornornor]

Okay? I don’t see the problem, these requirements are known from the beginning so if complying wasn’t planned and requires re-architecturing the software to make it happens that’s on the engineering org not on the EU regulator. Unless I’m missing something?

[JumpCrisscross]

The point is complying with the DMA from the outset could mean having to launch a year later everywhere. Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).

[inetknght]

> Skipping the EU makes sense in a fast-moving market (if you’re designated as a gatekeeper).

Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it.

> complying with the DMA from the outset could mean having to launch a year later everywhere.

Oh no! Anyway...

Once upon a time, companies delayed launches specifically so they'd launch a better product. That seems to be gone these days and end-users have garbage products as a result.

[tqwhite]

If, like me, you specifically do not want third parties inside the Apple ecosystem, Apple has done a great job. I totally hate the EU's insistence of tearing down Apple's walled garden. That is a huge reason I like their products so much.

[inetknght]

Interoperability only requires Apple to allow third parties to have the same capabilities that Apple does on your device. It doesn't require you to purchase or use a third party service or device. It merely allows you to have that choice in the first place.

[stouset]

And I explicitly do not trust third parties with that sort of access. I am personally thrilled that they don’t and can’t have it.

[mastermage]

Ah yes famously people do not want apps on their phone. (Which are third parties by definition)

[JumpCrisscross]

> Skipping the EU makes sense if the company doesn't want to comply with regulations aimed directly at it

It makes sense if you’re prioritizing time to market and agility. Once you’ve nailed down your product, you can make it compliant for more-onerous jurisdictions. You see this in finance all the time, where the U.S. tends to have the tightest rules around e.g. betting and crypto.

> Once upon a time, companies delayed launches specifically so they'd launch a better product

Because software shipped in a box. Also, compliance is orthogonal to how good a product is. Siri AI might be crap. It might be great. It might be almost perfect and then made great on second release. Everything slows down if the entire development process has to deal with open APIs and lawyers at every turn.

It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.

[inetknght]

> It’s perfectly legitimate to say we’ll develop this in other markets and ship it to the EU when it’s fully baked.

It's also perfectly legitimate to legally require business to slow the fuck down and consider how the thing will be used or abused, to make the product not crash for even just basic usages, and to put real safeguards in place against problematic scenarios.

But no, move fast and break things wins the day every day in the US.

[microtonal]

They have already launched two years late. Remember when we all had to buy an iPhone 16 to get Apple Intelligence?

Besides that, Google has shipped many (not all) similar features to Pixels in the EU and have been for years.

[alt227]

DMA has been a thing for 4 years.

Whatever Apple is cooking and however long its taken them, the DMA is not a surprise and they could well have been taking it into account from the very beginning.

[jonhohle]

These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.

I suppose if you think these rules are reasonable, you’d be happy to not have this functionality. The rest of the world will be happy to not allow third parties access to our data.

As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.

[miken123]

> As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.

As a small developer, you wouldn't fall under the DMA.

[ragazzina]

> These are relatively recent and may have come into force after development began,

If it were the case, Apple would just say it (with receipts).

> I suppose if you think these rules are reasonable, you’d be happy to not have this functionality.

As a European Apple user I am absolutely OK with not having these functionalities, which I am 100% sure would not even work as advertised given the company track record.

[rsynnott]

> These are relatively recent and may have come into force after development began, definitely after Siri development an initial integration into personal data.

The DMA was substantially finalised by 2020, and came into force in 2023. Apple's AI thing was developed with the full knowledge that it existed. The issue isn't personal data here (that'd be the GDPR, and maybe to some extent the AI Act). The DMA is about _competition_. The EU's issue here is that Apple is giving its own AI thing a level of access unavailable to other vendors' AI things, I'd assume.

> As a small developer

You are not covered by the DMA. You'd need an EEA turnover of 7.5bn and/or a market cap of 75bn, for a start. And you'd also need to be a _platform_. The DMA only really applies to a few companies.

[krzyk]

> As a small developer, the cost to support something like this would be so overwhelming I wouldn’t consider supporting the EU officially.

Would you consider supporting US laws?

[ornornor]

I’m happy to not have it if it’s not compliant, yes.

[tqwhite]

AS we all have complained, Apple has been working on Apple Intelligence for, roughly speaking, forever. Their private compute cloud thing and the protocols that protect it have, I bet, been in place for years. That's what you are missing.

[Hikikomori]

So has the dma.

[fnordsensei]

The point isn’t that it’s easy or straightforward to do. The point is that one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets.

[JumpCrisscross]

> one of the world’s wealthiest companies can spare the resources needed to comply with the regulations of one of the world’s largest markets

At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.

[disgruntledphd2]

> At what cost? This is Apple’s second bite at AI. Giannandrea fucked up the first time. I’m honestly with Cupertino on not over complicating it the second time around. If they found the right mix of features and architecture, great, then work to port it to high-bar jurisdictions.

I totally agree with you in principle here, but Apple have a pretty large vested interest in not supporting interoperability here (and in the other cases, like Mac mirroring) so I honestly don't see that happening at all.

This is purely a lobbying move against the EU to get EU citizens/politicians to complain about the laws and get an exemption.

And to be fair, Apple's business model is currently structurally incompatible with a lot of the DMA (which I personally think is a good thing), so they kinda have to fight it for a while.

[ahartmetz]

That lobbying move has been tried how many times? It hasn't worked once. There is no disagreement along any political lines I can think of.

It's not that we particularly like the EU government here in the EU. But we do like when they make pro-consumer laws.

[tqwhite]

So, you do without. Easy Peasy.

[inetknght]

> Apple have a pretty large vested interest in not supporting interoperability here

Yeah that needs to stop. This is kinda why the DMA was created in the first place...

[jen20]

It doesn't _have_ to stop - the features just can't ship in the EU while these requirements are in place, which is exactly what is happening here. The law is working as intended, just not in the way the proponents thought it would.

[troupo]

> the features just can't ship in the EU while these requirements are in place,

Yes, they can. Apple wields its duopoly power to try and bend governments to its will.

[JumpCrisscross]

> purely a lobbying move

It can be more than one thing. It’s a lobbying move, to be sure. But it’s also almost certainly a time-to-market and potentially cost-mitigation play, too.

[disgruntledphd2]

I do take your general point here, but if you know you need to implement the DNA requirements then you need to build and plan for some of that well in advance of launch.

I guess I don't see how much time they gain unless they don't plan to ever release a DMA compliant version.

[lokar]

The cost is almost certainly in time, not staff

[Keyframe]

Yet, they chose not to. That also speaks for itself.

[hector_vasquez]

Having worked at Apple and similarly giant companies, the idea that "they have enough money to do it" is incredibly naive. Rewriting all the basic software primitives of the iPhone, or the Mac, or iCloud, or CloudKit, or choose whatever massive surface area this legislation impacts, is not a matter of simply spending enough. Doing so requires the time and attention of the very few subject matter experts who are able to competently do it. The true cost is to your strategy, your business plan, and your product roadmap.

So it becomes a purely business decision: Do we risk a 10% global revenue penalty to release this globally, do we release this everywhere the DMA does not apply, or do we simply not build it? And make no mistake, even if Apple moved heaven and earth to try to comply with DMA they are STILL RISKING the full 10% penalty if the EU decides against them.

[fnordsensei]

Didn’t write “money”, wrote “resources”, but sure.

Yes, there’s a risk to releasing a product whenever you can be held accountable for that product. I understand that Apple seeks to be as unaccountable as possible.

So we ultimately agree with one another: Apple can do it, but doesn’t want to, for various reasons.

[rpdillon]

It's simply a prioritizing time to market over a global release. You tend to release into the most restrictive environments last and the most forgiving environments first, for obvious reasons.

[stouset]

They can, and if they had thought it was advantageous for them to do so, they would have done so.

[tmcb]

> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc.

Maybe the phrasing is unfortunate, but if compliance to the law requires a “redoing”, launching in that market was never a priority in the first place. That’s a completely legitimate choice, but usually companies whining about regulations are making a financial decision rather than an ethical one.

[skeledrew]

There wouldn't need to be a redo if the products had been built with compliance in mind. This law isn't something new; it's been around for years now. Not taking it into account from the beginning with the intention of operating in the jurisdiction means there's definitely intention to skirt. Particularly given the previous issues in the same department.

[eykanal]

No one implements compliance goals for fun. If they didn't think they were going to have to comply, they wouldn't do it. If they thought the law would be overturned they wouldn't do it. Same if they thought they would successfully fight the law in court, if they thought consumers would revolt, if they thought that they were a Special Squirrel who would get exemption, or whatever.

Does this put them stupidly behind schedule? Yes, and bummer for them, but I highly doubt that a company as politically savvy, legally savvy, and wealthy as Apple would do this "by mistake".

[mr_toad]

I wouldn’t want to try and develop a sandbox for an AI that could protect the user and yet still be useful. Having an AI act on your private data but only in the way you want is hard enough when it’s a model that you control on hardware you own. Having third parties running AI on your private data requires a level of trust that I wouldn’t want in the hands of random developers in the app store.

[piyuv]

It’s not an enormous effort if you plan for it. They clearly knew about this, and could’ve afforded to plan for it. Their whole shtick is locking users in, and DMA is their nemesis.

[matheusmoreira]

> completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc

So Google chose to be evil, now they have to rip all the evil out and redo it from scratch. Can't say I have any sympathy. Should have done the right thing from the start.

[epolanski]

Yet Gemini had no issues to comply with EU's DMA and release on all phones?

Let's call it how it is: Android phones allow every competitor to run their chatbot in place of Gemini. Want Perplexity instead of Gemini? You can have it. Samsung launches with Perplexity as of late.

Apple? As always, went into "ay mate, too integrated, can't give the same APIs to competitors" lame excuse.

[yandie]

Appples architecture prevents them from seeing customers data (see Private Cloud Compute documentation). Data that Gemini Assistant (not referring to the distilled version Apple uses) see goes straight to Google. Big difference here.

Weird to say it but the only assistant with any guarantee for privacy by design is Siri at the moment.

[wrxd]

What prevents to have an API that requires something akin Private Cloud Compute from other providers?

Technically makes the implementation of other providers harder but in principle it should be possible, no?

[musictubes]

Apple suggested that but was turned down.

[epolanski]

What is the source of this claim that this is the reason?

[yandie]

https://security.apple.com/blog/expanding-pcc/

The code is open source: https://github.com/apple/security-pcc

[epolanski]

Doesn't mention neither the EU nor DMA.

[NitpickLawyer]

> Data that Gemini see goes straight to Google.

That's not how the deal was announced. You don't pay Bs / year for a licence to gemini to send them your data. You pay that to run it on your own hardware, in your own garden, so the data stays put.

I know the internet is always anti big companies, but this is likely a "not worth it for now, we'll eventually do it" effort from Apple. The EU AI act is a mess, and the effort to simply know what they have to do to comply with it is likely going to take armies of people (not devs) and a lot of time, as the OOP said.

And the saddest part about it, is that Apple has the money and resources to sink into this. Think about all the small players that don't. This is yet again a miss for the commission, with the end result being an insidious form of regulatory capture. It sucks for those of us running small companies. Oh well.

[yandie]

I was referring to Google Gemini AI (their branding is horrible) - Google can see ALL of your interactions with their services - that's not what Apple gets to see

https://security.apple.com/blog/private-cloud-compute/

[zdragnar]

If the options are "launch in the rest of the world quickly and get to the EU later" or "launch everywhere at once years after the competition" PMs and execs are going to choose the latter every time.

[rootusrootus]

Former, you mean?

[zdragnar]

Yes, indeed, I wasn't paying attention.

[rootusrootus]

I figured, just wanted to verify, because while the former seems like the obvious answer, it could be argued with a straight face that Apple's strategy is in fact the latter. Or something like it.

[yxhuvud]

The third option is: launch in a way that is compliant with EU rules everywhere. Except they don't want that as they want to retain their outsized market power.

[tzs]

That's not a third option. It is the second option they listed.

[ErneX]

Are you sure about that?

https://www.business-standard.com/technology/tech-news/googl...

[epolanski]

100%, it's been almost 2 years that you can choose whatever you want.[1]

I run Perplexity in place of Gemini, but I can also run Claude and others.

[1] https://i.imgur.com/BgvxqQQ.png

Apple is just being the usual Apple being both an hardware vendor and giving it's own software advantages that competitors don't have and using the security bogus argument as always.

And yet, people believe that crap and jump into defending Apple as if being an Apple user is their identity, sad.

[ErneX]

But read the article, the EU wants even tighter integration for third parties, so it’s not exactly like Google is out of the woods regarding the DMA and this.

[dktp]

That's not fully true. Lots of things get to Europe later (Gemini memories, though we have them now, Spark as latest noteworthy)

Or never. Like the majority of Pixel 10 on device AI features (image editing, magic cue).

[krzyk]

Some features don't land in Europe because US companies can't handle the amount of languages. For them it is English and maybe Spanish or Chinese because they don't care how heybmake money.

[epolanski]

Nonsense, Google is among the most aggressive when it comes to localization to the point of being oblivious.

I have not been able to switch language in Sheets since 2018, and I've changed any possible setting (even account language).

All guides are in English and I'm stuck with Sheets in Italian.

[microtonal]

I have the AI image editing features on Pixel in Europe.

[krzyk]

Why does systems are not designed take into account that compliance work?

[eykanal]

I assume you're asking this in good faith, so I'll answer in good faith.

Laws vary from country to country, state to state, and they vary tremendously. Laws are also changing all the time. There's literally no way to predict what rules will be in place at any given time.

Also, adding code to meet some government regulation takes time and effort that (form the company's perspective) could be better spent building a product and making money. No one would "choose" to implement some random compliance rule unless they're forced to.

[krzyk]

But EU has a pretty uniform laws, so this comes to just one issue: time. Did Apple start working on this feature before EU implemented the law? This might be the case, but even if it was after, they could start working on implementing that sooner.

It would be good for US companies to know that EU laws are not "guidelines", just as US enforces their laws on companies from outside.

[bel8]

Sure but we're talking about the unified law of almost an entire wealthy continent here. It's EU ffs. Not some small island country in the middle of the ocean.

This looks to me like yet another bet from Apple: "they'll buy iPhones anyway, let them wait".

[rvnx]

Because of move fast and break things mentality. Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights, they would have reached nowhere.

[JumpCrisscross]

> Let's say if ChatGPT was launched respecting GDPR, or respecting copyrights

Bad comparison. Launching with GDPR compliance isn’t particularly taxing if you’re already complying with California’s CCPA. (You need your twenty-eight EU law firms on retainer, but the big firms package that conveniently.)

Copyright theft in AI, on the other hand, is a global phenomenon.

DMA is most akin to the U.S. system of designating financial institutions SIFIs and then putting a bunch of extra requirements on them. Almost intentionally onerous. Hence ringfenced to select large companies.

[aprentic]

You're essentially saying that privacy violations are baked into the cores of these systems.

[happyopossum]

The DMA has nothing to do with Privacy - it's an anti-competition scheme. Apple is saying that privacy is baked in to their approach, and they can't ensure that if they allow every other AI provider the same level of access.

[jen20]

DMA is not about privacy.

[krzyk]

Core not, but here it is. Apple designed the system in a way that the operator can invade your privacy. So if only Apple is the operator it is "OK", but if they allow other operators it is not.

[jen20]

> Apple designed the system in a way that the operator can invade your privacy.

Citation needed.

[greatgib]

The truth is very often that it is long and hard not to do the work to comply but how to not comply or do complicated things to abuse of loophole despite being able to pass the law on the letter of it.

Especially in the case of apple or Google. Look at the app store situation. It is very straightforward to do the work for the whole thing to be open to any competitor. But it is hard to try to design and implement a solution to try to not break any regulations but still manage to keep users captive the maximum without having competitor entering our walled garden.

[KaiserPro]

Meta research eng here

Yes, but also its much cheaper to build it in at the very start.

When we built pervert glasses research platform, if we'd just ignored the data privacy laws we could have built it much quicker. But, the only reason it took extra time is because

1) we had no idea what we were doing and

2) the lawyers had even less idea, so we had to do a bunch of reading and make a best guess.

Turns out the guesses were right, but it was painful getting the lawyers to understand.

[Garlef]

It's also not a "two-pizza team" market.

[Xirdus]

So, what are the chances they'd completely redo multiple core systems in the 18 months they asked for?

[BrenBarn]

> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.

Then you should have done it right the first time.

[fcantournet]

Exactly, and the prupose of these legislation was supposed to be exactly that : force companies to integrate privacy in the core of their products, not to create a list of items to tick.

[Krasnol]

I have a crazy idea: design the product with compliance in mind already!

[apercu]

Agreed, unless you specifically know how a regulator will interpret a broad requirement on a edge case it’s a lot of effort to even figure out what the plan is, much less implement it.

[flohofwoe]

> these types of compliance efforts can mean completely redoing multiple core systems to handle privacy, wipeout, audit, reporting, per-location policies, etc etc. These efforts can involve hundreds to thousands of people for multiple years.

What if I tell you that there's a surprisingly simple, straightforward and above all very cheap solution: don't implement privacy-invading or anti-competitive features in the first place ;)

[hparadiz]

Sure let me wave a magic wand and have a data center that can meet all these regulations materialize before us. Yes I'm sure every American tech company is tripping over themselves rushing to build data centers that are subject to European taxes and regulations for the exact same compute.

[subscribed]

LOL, do you think Apple learnt about the requirements yesterday during the presentation?

[Refreeze5224]

Well if your product wasn't already basically spyware, it wouldn't be so much work to abide by privacy regulation frameworks, now would it? I have no sympathy for how hard it is for surveillance companies to adapt their exploitative business model to the EU.

[bambax]

So? It's also more effort to work everyday to earn a living than simply stealing what you need from your neighbors at gunpoint. But the law's the law.

As a European I'm conflicted because I think this particular set of privacy laws are overreaching bordering on stupid; but "exemptions" for one of the richest corporations on earth would be beyond absurd and infinitely worse.

[yxhuvud]

This is a competition law, not a privacy law.

[ivan_gammel]

Privacy by design isn‘t enormous effort, as every European engineering manager will tell you. It‘s just another reasonable and straightforward set of requirements. Of course, if you want to have privacy-less features in jurisdictions permitting it, that‘s a different story and that‘s a choice.

[celiacFun]

DMA is about competition not privacy. Apple has privacy concerns with complying related to 3rd party access to customer data.

Another aspect here is that even if Apple tries theirto best to comply, the EU could decide they didn’t do a good enough job and fine them 10% of global revenue. Honestly Apple just might not want to take that risk.

[ivan_gammel]

> DMA is about competition not privacy. Apple has privacy concerns with complying related to 3rd party access to customer data.

DMA is reasonable. It‘s not their job to be concerned so much as to block that access completely. Alternative approaches do exist. For example, they may require independent audit of submitted apps if they do not trust regulators and collect small fees to cover operational costs of dealing with audit ecosystem.

[bflesch]

Privacy by design while making a seven-figure salary because you make people buy stuff they don't really need is quite difficult ;)

[mantas]

In this case it looks like EU is requiring to let competitors mess with Apple users privacy.

[krzyk]

Not quite. It is up to Apple to design a system in which operators (even Apple) can't see your data. Apparently they designed it in a way that operator can see it (so it is cool if it is Apple, but not cool if it is someone else).

[mantas]

How can Apple ensure what other cloud models do in their servers?

[pocksuppet]

Is this the new excuse for user hostility? Instead of "think of the children" it's "think of your privacy"?

[mantas]

More like „think of those managing the extended family IT infrastructure“.

[bflesch]

Wow, Google must be a poster child for privacy then.

[joe_mamba]

>These efforts can involve hundreds to thousands of people for multiple years.

And yet Apple had no major issues complying to the draconical demands of the CCP to sell and operate there. Weird.

Also, it's not like Apple can't afford the manpower for this. They're not a hole in the wall mon & pop shop.

[wmf]

The new Siri isn't available in China yet either.

[ErneX]

Or really anywhere, since it comes out in Fall. Unless you count developer betas as available of course.

[MBCook]

It’s also only in English initially.

They can only do so much at once. And Apple is not a “hire an extra 30,000 people“ kind of company.

Apple usually rolls stuff out in stages. This is just an extremely high profile example.

[krzyk]

Has anyone seen a recent LLM release that supports just one language?

[MBCook]

Apple Intelligence supports a number of languages. They showed them on a slide in the keynote.

The new Siri is limited at the moment.

[McDyver]

It goes to show that privacy is not a priority. And it should be.

[anon7000]

No, this is unrelated from privacy. The issue is that the EU won’t allow the new Siri because Apple isn’t willing to open up the system enough for 3rd party AI agents to get the same functionality.

[butlike]

Because Siri is the brand and other competitors will dilute the brand with their inferior products, is the line of reasoning, I'm sure. I'm unclear on why apple is branding the AI launcher or whatever if it's just going to be a wrapper for a third party product, however.

[MBCook]

Which I would argue is HARDER to do while preserving privacy.

[dd8601fn]

Functionally the EU is requiring that Apple dramatically RELAX their privacy and security postures.

I’m sure Apple doesn’t want to cave and give OpenAI free access to the spotlight semantic db, the ability see what’s on your screen at all times, etc.

[inetknght]

> Functionally the EU is requiring that Apple dramatically RELAX their privacy and security postures.

No. Interoperability doesn't require Apple relax their privacy and security postures. It could instead require third parties to improve theirs.

[wtallis]

> It could instead require third parties to improve theirs.

Apple made it sound like their proposal for that was rejected by the EU. And it would be consistent with previous regulatory decisions by the EU for them to not want Apple to be setting the rules for how third-party interoperability partners/competitors ensure privacy.

It seems to me that the EU has a preference for protecting privacy with legal mechanisms, and generally doesn't approve of Apple's attempts to protect privacy with technical mechanisms because that inevitably limits interoperability with systems that aren't designed around the same restrictions and assumptions.

[dd8601fn]

I’m sure they love it when Apple says, “Well… they COULD give us their models to put in private compute, but we’re not paying them for that and they’re not getting any more data than we get, ourselves. Which is exactly none.”

[tzs]

Would that be allowed under EU law?

Apple is building a system that is more private than EU law requires. If they tell say Facebook that Facebook can integrate in but first must meet the same more than is legally required standard Apple is aiming for wouldn't that be anti-competitive?

[microtonal]

Same as you wouldn't want every app to read your contacts or location. If we only had something to do that.

</s>

[rvnx]

Part of it is also a certification circus.

For example, with Copilot, you get a contractual pinky promise that they cannot access your data.

Can engineers really not access ? Can the police really not access ?

It's like AirTag for example. Apple cannot access it because it's scientifically "impossible" by design, but if they sign-in to your account, well it's over.

Once Apple fills the right audit / certification / paperwork they will be able to enable that feature. It could also be a negotiation lever.

[JumpCrisscross]

> privacy is not a priority

Isn’t this less about privacy than competition?

[m3kw9]

EU privacy laws are not there to protect your privacy, its there because the law makers don't know how modern privacy works and wants their name on the law so it seems they did something.

[adrianN]

I think you should elaborate a bit on that because to me it seems that EU privacy laws are actually fairly good at protecting privacy.

[flumpcakes]

EU has some of the best consumer protection and privacy laws on the planet.

[m3kw9]

Their laws are basically the equivalent of if there is no code, there are no bugs. EU laws forces citizens to get no new tech, privacy preserved.

[izacus]

Man, if we had computers in EU we'd be really angry at your dumb false posts.

[microtonal]

Uhm no, EU privacy laws are actually pretty simple: do not collect data you don't need without asking consent from a user first.

Which should IMO be the basic principle worldwide. But unfortunately in many countries, companies are more powerful than governments/regulators, so they get to grab everything they can get their hands on.

[miohtama]

Also it does not matter what you do in the end. If you are Big Tech the EU will sue regardless and always finds an excuse.

[inetknght]

Do you think this is a problem with the EU? I don't. I think it's a problem in the way that Big Tech operates: by function of theft and laundering of data, and by screwing end-users and consumers in favor of profits.

[celiacFun]

It may be a problem with EU regulations. It’s hard to see how Apple could be certain they had complied with the EU DMA law, given its based on vague outcomes rather than clear requirements with extremely large penalties. The fact the EU was only willing to require the DMA regulations be met by large foreign companies doesn’t inspire confidence.

And it’s not like there is a thriving tech ecosystem of successful EU tech companies showing how it’s done. So there is a lot of ambiguity on how companies can reasonably comply without huge risk of 10% global revenue.