AFAIK it is mandatory through the EU that phones sold in Europe must include this. Making it user configurable does not make sense therefore (as irritating as that may be).
But it remains a fact that this enables sending of precise location data to undisclosed third parties, triggered by undisclosed events on the phone (and technically remote-triggered events).
As such it should at least be auditable, as in someone should be able to verify that this actually does what it sais does, and sends information to the parties it sais. An Open Source implementation would allow that to some degree. A “Reproducable Build” version of an Open Source implementation allows this to a satisfactory degree.
(Now the more paranoid will assert that this is a surveillance agencies wet dream, and while I haven’t read through the AML standard, the similar eCall standard (for cars) has provisions in it that it may be triggered remotely by law enforcement “to combat terrorism” - which translates to “whenever law enforcement feel like it”.
And even Wikipedia knows that this is already happening.)