How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
It was a double-edged sword. While websites could honor it, it could also be abused as another data point for fingerprinting.
Even more reason to make it legally binding.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
So they just set up hosting for the site or service in a locale that doesn’t have those laws.
Now what?
That does not matter. If you operate within the EU then you have to abide to EU law.