Re: Thank you for writing this
Take the Apple definition:
"We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. "
Notice that APPLE defines non-personal information as any information that does not permit DIRECT association with any specific individual. This provides the convenient and massive loophole that anything that allows INDIRECT association with an individual is fair game according to Apple, and can and IS used for any purpose that APPLE sees fit.
Compare this definition with the EU definition,
Article 2a: 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
The inclusion of "identifable" is a key point, widely used internationally since the OECD definition in the '50s
So against this background I think people need to understand that the Apple definition is nothing more than a self-serving legal word-play who'se SOLE intention is to protect Apple against US Class-Action lawsuits. It has NOTHING to do with actually protecting the privacy of Apple customers.
Even in the US, which is not exactly famous for protection of Privacy and civil liberties, despite the hypocritical claims we often hear from the US to the contrary, the concept of "indirect" personal information is found in a number of legal definitions:
For example: (Wikipedia)
The U.S. government used the term "personally identifiable" in 2007 in a memorandum from the Executive Office of the President, Office of Management and Budget (OMB), and that usage now appears in US standards such as the NIST Guide to Protecting the Confidentiality of Personally Identifiable Information (SP 800-122). The OMB memorandum defines PII as follows:
Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
So please people: Don't fall for the bullshit.