That's kind of besides the point. Could this info be e.g. passed to US authorities if requested? Is it being used for nefarious purposes? We don't know.
At least in EU (and thus all apps made in EU) you can ask for personal info to be deleted. The list of apps downloaded is certainly sensitive info that reveals many preferences. Can you ask apple to delete this info?
Under the GDPR it is permitted to keep PII, resposibly, if that PII is used for conducting normal business, which should ideally be anonymised. Arguably, apps that you have downloaded from an online store fall under this category. You can close an AppleID, thereby deleting donload info, but you'll lose access to the apps that you have purchased, including IAPs. There is absolutely a discussion to be had around that, but that's moot with regard your point. Asking Apple to delete the info about app purchase history is self defeating. A better question to aim at Apple is to ask if the data is anonymised. The same is true of Google Play.
> You can close an AppleID, thereby deleting donload info
That's not what GDPR requires. I am sure Apple has a way to request to delete sensitive info such as app purchases without loss of service, or else they d be in violation in EU.
> to aim at Apple is to ask if the data is anonymised.
I can't see a way in which my app purchases could be anonymized (then it wouldn't be personal information)
Let's form the issue here using an example from the regulation:
A bank holds personal data about its customers. This includes details of each customer’s address, date of birth and mother’s maiden name. The bank uses this information as part of its security procedures. It is appropriate for the bank to retain this data for as long as the customer has an account with the bank. Even after the account has been closed, the bank may need to continue holding some of this information for legal or operational reasons for a further set time.
Based on that, I'd suggest its entirely reqasonable to posit:
An online app store holds personal data about it's customers. This includes payment information and a list of apps that have been purchased, including free apps, and which of those apps have been downloaded. It is appropriate for the app store to maintain this information so they can allow the customer to install apps on their devices and link in app purchased made in those apps to the correct account. Even after the app has been removed from a device, the app store may need to continue holding some of this information for legal and/or operation reasons.
Arguing that app store purchases are sensitive is some what missing the wood for the trees. What matters is what is done with the information. If Apple (or Google, Sony and Microsoft - they all run similar stores) use this in an attempt to target app store recommendations, the negative inpact on the individual is extremely debatable, certainly from the point-of-view of GDPR. If they are using the information to build a profile of an individual to sell access to that individual to 3rd parties, then there is a problem.
At least in EU (and thus all apps made in EU) you can ask for personal info to be deleted. The list of apps downloaded is certainly sensitive info that reveals many preferences. Can you ask apple to delete this info?