I saw the news by Bloomberg (a questionable source) about how Apple was getting ready to comply with the European Digital Markets Act, at last, by allowing sideloading among other things. However, this quote caught my eye:
If similar laws are passed in additional countries, Apple’s project could lay the groundwork for other regions, according to the people, who asked not to be identified because the work is private. But the company’s changes are designed initially to just go into effect in Europe.
I have one question: How?
This might seem like a dumb question, but consider the following:
- GDPR applies to European citizens. Companies like Apple are bound by GDPR even if said citizen is currently physically located in the United States or another country (making it a extraterritorial law). If the DMA is similar in this way (which I currently cannot find a certain answer for), Apple would be required to allow sideloading outside the European Union if the user is an EU Citizen (for example, if they flew to the US for a week). But how do you tell, without ID, if a user is European? Vice versa, how do you tell that a US user didn’t just fly to Europe for a week?
- The DMA appears to be a retroactive law, applying to all iPhones that currently exist as part of the “platform” (i.e. anything currently supported). If so, there are no doubt phones in Europe that were purchased in the US. What happens to them? Let’s say 5% are not what Apple would call European-sold phones. Is updating 95% of phones to comply, and not 100%, legally kosher? Or could Apple be sued stepping on people’s rights for not getting everyone?
The first point would suggest a geolocation-based block to be ineffective and potentially illegal. The second point would seem to also make a unique serial-number-based (or other point-of-sale-based) check also illegal and ineffective. iPhones don’t require an Apple ID and the DMA doesn’t have exceptions for one, so the country on an Apple ID would not be usable either. It doesn’t seem, to me, like Apple has many options for actually restricting sideloading fully to Europe without technically-knowledgeable users being able to join in on the fun.
Thus my open question: Any thoughts how they’ll do it? Comment below.