I take an opposite position. Legislation is the answer we all need... something similar to GDPR. That legislation needs to have some consequences. What Apple does is a drop in the bucket regarding personal data and privacy. The sentiment is great. The effectiveness is minimal at best; amounting to more positive marketing than an actual deterrent. We're on a tech site so we focus on the tech aspect of data and privacy, but that's not where we're being sold as a product. Not in any appreciable way.While legislation is fine, Tim and Apple need to step up and encrypt everything with on device keys and then they can obviate some of the need for it.
Make each device its own walled garden and give everyone the power to control what is shared and with whom.
Create new me.com addresses for every login like gmail allows, it do it automatically so no shared addresses or passwords. Then automatically map them to your regular address.
We need the legislation to cover larger aspects of our data beyond our choice of tech. Our financial info is shared/sold by our banks. Our home info is shared/sold by mortgage companies and rental agencies. Same with our insurance, autos, credit standing, etc. Take your suggestions for example. Sounds nice and secure, and it is. But what are you actually securing? None of the valuable personal info about yourself that's being transacted by the very companies you use. But hey, your phone is secure amirite? So that I'm clear, I'm not advocating for companies like Apple to sit by and do nothing. Far from it. Their efforts do play a part. What I am advocating for is consumers to recognize where they are really being invaded and monetized. Facebook, Google, IG, Twitter, etc. isn't the larger issue. Cook's example of making a purchase at a retailer only highlights the insignificant data trafficking. I understand why he uses the example he does. It's just not really important data when you examine it.
tl;dr We need the legislation more than anything else.
Apologies to all for length.