I'm reasonably sure you just described the SEC and the (paraphrasing Matt Levine) "everything is securities fraud"-doctrine. Yes Apple has some wiggle room if they rely on rule-lawyering, but.. I really don't think they can wide-spread ignore the intention of the statements made today.

California and EU law require keeping data like that to be opt-in afaik, so it doesn't need a promise to not do it.