I think it's mostly a defence against getting sued if they got caught. Chrome can point at their policy and get the case dismissed, Firefox would have to defend it in court and risk losing.
But you are absolutely correct, privacy policy's are only as binding as your ability to enforce them, and you and I don't really have any means to enforce them against a large Corp.
OS defined does seem the best way, but I would prefer it wasn't legislated. The people writing these rules have no clue about the real world, so they end up doing stupid things.
The reasoning for Firefox changing their policy is that legally, in some jurisdictions, a sale of data is very ambiguous.
They are sending a "count of active users" to advertisers, which their legal team thinks counts as a sale of private data.
Is this good enough a reason? Up to you really. Their policy is fairly wide open for further actual data sales now, it certainly gives me an itchy feeling.
It's just not worth the effort. You'll find out they have change their policies on something, and you'll have to fix your app to suit. It's an endless churn of busywork
Unless "forced labour issues" means 100% of the products produced in the region are made by slaves, the 20% number is an upper limit.