[Sylos]

It could have had legal bearing, if Microsoft had not turned it on by default.

Before DNT, the way consent basically worked was that companies just assumed you consented, and only if you specifically denied consent, they would have no chance to defend that in court.

With DNT, if the user turned that on themselves, they would have clearly signalled that they want this the other way around. Do Not Track me, unless I specifically give you my consent. This would have made it hard for companies to defend their behaviour in court.

With Microsoft turning it on by default, there was no way for companies to know, if the user actually wanted privacy, or if they supposedly wanted to be tracked, for whatever reason.

With the GDPR in place, you theoretically now need to get consent every time (including implicit consent, e.g. when the user asks for something to be shipped to their address, that means you can process their address). Most companies don't yet keep to it, though.

[wirrbel]

Surely google can assume that browser settings represent the user'choice when it fits Google's interest, and they can assume that browser settings don't represent the user's choice when it fits their interest. But everyone knows that google won't tolerate a privacy measure that is used by a majority of users. Microsoft is not to blame for making privacy a default in their browser. It's google who is ignoring that setting.

You cannot just assume the user did not actually want the default setting in their browser.

[Sylos]

Oh yeah, as far as I remember, Google (and Facebook) said right away that they would not support DNT, before it became default in IE.

With most webpages shipping code from Google/Facebook, that was also already pretty bad for DNT.

[zucan]

>With the GDPR in place, you theoretically now need to get consent every time

This is false. There are multiple ways to justify processing of personal data, and your example would fall under data processing necessary to perform a contract at the customer's request. Depending on your location, there might also be legal requirements to record and keep user data, which is also a valid reason that doesn't require consent of the user.

https://gdpr-info.eu/art-6-gdpr/

[TeMPOraL]

> It could have had legal bearing, if Microsoft had not turned it on by default.

How would that happen?

> Before DNT, the way consent basically worked was that companies just assumed you consented, and only if you specifically denied consent, they would have no chance to defend that in court. (...) With Microsoft turning it on by default, there was no way for companies to know, if the user actually wanted privacy, or if they supposedly wanted to be tracked, for whatever reason.

Herein lies the problem. Companies assumed consent. Which is a nice assumption if you want to abuse users and sell their data - though how can users consent if they typically don't even know what's being done to them? In reality, what companies should assume is lack of consent, and I'm very, very happy that at least for some of us, GDPR is fixing that.

> With the GDPR in place, you theoretically now need to get consent every time (including implicit consent, e.g. when the user asks for something to be shipped to their address, that means you can process their address). Most companies don't yet keep to it, though.

No you don't; you only need it for using user's data for things other than fulfilling user's request. It's kind of like with Cookie law - you don't really need a cookie banner, unless you're tracking people.

(Or in other words, amount of UX problems GDPR/cookie law cause are directly proportional to how abusive a website is towards its visitors. It's a useful signal.)

[Const-me]

> With Microsoft turning it on by default

I've checked the setting in MS Edge on 2 PCs and it was off on both.

[Sylos]

They've changed the default since then, again. Here's a source for them having had it on by default and turning it off again: https://www.theregister.co.uk/2015/04/03/microsoft_reverses_...