I faced the same issue. Thank you for reporting @ksdjfksd !

We almost have no time until May 1. Could anybody raise the priority for the ticket ? For me it's a blocker.

Similar discussion and workaround for Firebase here
Apparently AppStore Connect is not seeing the privacy reports from SPM dependencies because they are statically linked.
A workaround could be to manually add the required reasons of your dependencies in your app's privacy report (not tested).

Hmmm, the bug is related to Swift Package Manager and it was opened Feb 4.
apple/swift-package-manager#7317

Few days ago Apple updated their documentation related to static libs

Distribute your static library with a privacy manifest
A static library is an archive of object files with the .a file extension. It doesn’t support resources such as the privacy manifest. If you currently distribute a static library as an SDK and want to update it to include a privacy manifest in Xcode, create a new static framework target that includes all your static library’s source files and resources, then add the privacy manifest to the target’s resource.
If you don’t use Xcode to build your static library, create a static framework bundle for your static library manually, then add the privacy manifest to the bundle as a resource. For more information about framework bundle structure, see Placing content in a bundle. To identify the privacy manifest location in the static framework, see Add a privacy manifest to your framework.

The link to documentation is here

Sounds like the offending code should be pulled into another library, or this library should add suggestions for how to add the privacy reasons to your app that this violates..

I don't see any other way around this, do you guys?