Well, the problem is that European privacy guidelines are a completely foreign concept to US data collection practices.
Ok, let's detour slightly: A typical US american has a couple of "fundamental rights", and the moment someone threatens them, get up in arms. E.g. most jurisdictions have at least a little weaker Freedom of Speech rights. Now Germany considers Privacy (and a number of related concepts releveant to IT) a fundamental Human right. As in, your data is yours. And by default companies (and even the public administration) are required to do their business by recording the minimal amount of data possible. And as long a company has no business relationship with you, they ought to record NOTHING that can be traced back to you.
Now how's that relevant? I mean Germany is just but one country. Well, the EU legal framework around Privacy usually trails the German concepts by one iteration. (The EU usually uses laws that need to be enacted into local law by local member countries, and they usually define only the framework).
The next interesting tidbit is that German courts have been usually in the fore when it comes to protecting privacy, so Apple should not hope to appeal this away, the higher Courts are usually even more stringent on privacy and citizen rights.
Last but not least, Germany has a curious legal setup, including a number of constitutional provisions that are eternal, as in they cannot be ammended away, you have to go the route of replacing the whole constitution, which is practically means that the traditional "Rent-a-Politician" route works only up to a certain level, the Constitutional Court has been kicking in governmental teeth all the time.