GDPR specifically excludes law enforcement so it doesn’t apply here. The sad thing is Apple was legally required to allow law enforcement to search iCloud backups before they implemented this system, so nothing fundamentally changed.

However, after this backlash you can bet other manufacturers will continue to hide what their actually doing.

As you've written... why there has to change something when it works already for law enforcement.

I think Apple was actually designing this system internally as an improvement in terms of privacy. Doing Perceptual hashing on the phones is more open and thus auditable than doing the same thing on their servers. They set things up to require multiple different images to match etc.

However, the perception was very different.

This kind of technology should not be on phone. Industry standard is doing it on the cloud. It requires only little code changes (let's say in the time frame of 5 years) that law enforcement or whoever says: Please extend that to offline photos and then it's only a few code changes to make that happen. I don't want a ticking time bomb and Apple pinky finger promises that this will not be abused in future.