I'd argue that legislation like GDPR had more positive impact on user privacy than any walled garden managed by any for-profit entity. See Uber using the device ID even against App Store policy for years and not getting immediately kicked out after discovery [1]
Apple's clampdown on Facebook came after GDPR and apparently wasn't a problem for years until Apple decided it was beneficial to their marketing and a way to push their own ads better.
Rule of thumb is: when you are big enough, you can do basically anything you want when you don't talk about it.
It first will weaken security and privacy for common users. Walled garden is doing pretty good job at maintaining this.