I've responded elsewhere but the big difference is that Apple has always operated this way while FB and Google have changed their positions. Since they have had prior data breaches, it's not difficult for a malicious actor to use old data combined with new data to restore data models. The only situation where this wouldn't apply would be for users whose accounts were created after the policy changes.