Europe slams the brakes on Apple innovation in the EU

With its latest Digital Markets Act (DMA) action against Apple, the European Commission (EC) proves it is bad for competition, bad for consumers, and bad for business. It also threatens Europeans with a hitherto unseen degree of data insecurity and weaponized exploitation. The information Apple is being forced to make available to competitors with cynical interest in data exfiltration will threaten regional democracy, opening doors to new Cambridge Analytica scandals.

This may sound histrionic. And certainly, if you read the EC’s statement detailing its guidance to “facilitate development of innovative products on Apple’s platforms” you’d almost believe it was a positive thing. Gee, you might think, now those no-mark, cheap not-so-smart watches will offer some of the features Apple invented. But the positive spin of a press release puts a gloss over a tide of darkness.

What Europe wants

Device manufacturers and app developers will be provided with improved access to iPhone features that interact with connected devices (e.g. displaying notifications on smartwatches), faster data transfers (e.g. peer-to-peer Wi-Fi connections, and near-field communication) and easier device set-up (e.g. pairing). 

To force this interoperability, developers will gain “improved access to technical documentation on features not yet available to third parties, timely communication and updates, and a more predictable timeline for the review of interoperability requests.”

The words, “not yet available” do a lot of heavy lifting in the above. They basically require that, when developing new features, Apple must also develop those features to be compatible with competitive system for no cost. That’s going to raise the cost of development and slow the introduction of new features in the EU.

The specification decisions are legally binding. Apple is required to implement them in accordance with the conditions set out in the decisions, European regulators explained, adding that Apple still has the right to independent judicial scrutiny.

I don’t know whether Apple will exercise that right, but it should. Seriously, if commissioners really believe this will be good for tech, innovation, or competition across the region, their hallucination shows the extent to which our political classes are utterly disconnected from the reality most of us endure. It is also noteworthy that Apple is the only tech firm these demands are being made of.

Europe gives your privacy away

I’m not just talking about the notion that Apple must permit sideloading on iPhones and offer support for app services outside of the App Store. I’ve almost accepted there’s merits to that. There might even be solutions to the dangers it also provides. But in this case, I’m looking at a reprehensible set of additional demands being levied against the company in the region.

One of the worst of these is that notifications, until now end-to-end encrypted on your devices, will be shared with manufacturers of “connected devices” in unencrypted form. Ostensibly, that is so manufacturers can work with those notifications and weave them into their own product experiences. But in practice, it means your notifications can be exfiltrated from your device and transported to servers beyond your control.

Once that information is out there, it is no longer protected and will give those with access to it (likely including data-mining firms) even closer insight into what you do, where you go, and who you are.

It’s a measure that absolutely conflicts with GDPR rules, which is why companies with an at-best questionable record on respecting customer privacy such as Meta have been requesting such access. Apple also claims some companies are making interoperability requests that abuse the DMA system.

A threat to security?

You won’t need to dig deep to see how this kind of data was abused before. Now it will be again, this time using more powerful generative AI (genAI) technology to generate insights, results, plans, personalized posts and highly targeted ads.

Don’t even get me started on how the exfiltration of data could also be used by foreign intelligence services. I’m sure the Commission spent time considering that before it decided to carve a massive hole at the heart of privacy and security on the world’s most trusted and secure mobile platform.

Why wouldn’t the kind of information gathered by data brokers using these “connected devices” be of use to, say, a hostile intelligence service attempting to track troop or munitions movements? 

Apple can protect us against this kind of threat, you say? Not under the DMA. Because when it comes to security patches for services/on-device features used by competitors, Apple will need to not only test its patches on its own devices, but on theirs (at its own expense).

In some cases, such as when attempting to put a stop to hostile data extraction, third-party developers may complain, Apple will have to investigate, and the complaint may end up on the desk of some European mandarin for final adjudication. As a result, sometimes essential software updates might take days, weeks, or even months to gain approval, leaving customers exposed to abuse in the meantime.

Is that what you call security? 

That’s not Apple’s fault, either, it’s how this part of the DMA implementation has been designed.

What Apple said

Apple isn’t at all happy. In a statement, it said: “Today’s decisions wrap us in red tape, slowing down Apple’s ability to innovate for users in Europe and forcing us to give away our new features for free to companies who don’t have to play by the same rules. It’s bad for our products and for our European users. We will continue to work with the European Commission to help them understand our concerns on behalf of our users.” 

There are several other iniquitous measures contained in Europe’s flawed judgement. For example, Apple will be forced to hand over access to innovations to competitors for free from day one, slowing innovation. This is going to make product introductions in Europe much slower. The implementation also gives unqualified European officials the power to micromanage what Apple does and what software it gets to release.

It’s a field day for Apple’s biggest competitors.  It is noteworthy that Apple is the only company to have such demands made of it under so called ‘Specification Tools’ provided to European regulators under the DMA.

What makes this weird is that even though other companies are also subject to the DMA’s interoperability requirements, it is only Apple that is being forced to share its innovations. It means Apple must give away its intellectual property to competitors for free — even though those competitors are not obliged to follow the same rules. That seems to be an incredibly one-sided application of process that ignores the 250,000+ APIs Apple already offers developers so they can build products on its platforms.

Who pays for all of this? 

You — users worldwide — will pay for Europe’s folly. You see, while Apple will now be forced to pay staffers to test software changes across all its own devices and across third-party and competing services and products in Europe, it will not be able to pass on that charge to those competitors.

To get some scale to this, Apple already has 500 engineers in Europe working on DMA compliance.  The new DMA findings mean it will need to hire even more, and if the competitors aren’t paying for those people, and Europe is not paying for those people, then it will be you paying for those people. 

This likely means more expensive Apple products, as Apple users globally are forced to pay to support rules that actually make their digital lives less secure, while also opening up access to their personal information to some of the worst companies in the world.

What about business?

This affects enterprise users as well. Sure, some companies (particularly one household name) will make billions exploiting this personal information. But others will immediately find themselves struggling with a newly inflated threat environment that means they’ll have to, among other things, limit what employees do with the devices they use and put policies and protections in place against casual data exfiltration.

Endpoint security, already a challenging space, will become even more difficult to guarantee, as that harmless seeming smart home device with seemingly benign access to your notifications turns out to be sending your notifications and location data to rogue nation states. 

How does that protect your business? It doesn’t. How does that help your business grow? It won’t. 

Better use Lockdown Mode — until Europe bans it.

State-sponsored failure

I’ve always been pro-Europe. The freedom to move between member states and the opportunity to settle in them was an important benefit for most of my life, until it was thrown away with Brexit. But this new set of European rules absolutely illustrates the dumb decision-making that drove so many in my country to vote to leave the bloc. It’s yet another chink in the battle-weary armor of privacy and security. It’s yet another in what seems an unyielding series of state-mandated enshitifications that erode platform security, damage personal privacy, and threaten business and commerce globally, not just in Europe.

The effect of this mass data exfiltration is a threat to democracy. The only beneficiaries will be dodgy AI firms trying to monetize your data for their advantage. None of this is good. All of it is wrong. And globally, we are all poorer for it. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.