[csagan5]

It could be argued that a similar violation is present (since March 2019) in Chromium for the Widevine CDM provisioning request, see https://github.com/bromite/bromite/issues/471

Basically all users opening the browser will contact www.googleapis.com to get a unique "Protected Media Identifier", without opening any web page and even before any ToS/EULA is accepted (and there is no user consent either).

[dessant]

I think the Widevine CDM request is needed for the service to function, though they could certainly delay it until a website requires DRM. GDPR allows the use of personal data without consent when it is required to provide a service for the user.

The personal data collected with the x-client-data header is not required for Google sites to function. Google uses the data to gain a technical advantage over other sites on the web, this is why the data collection in this case requires consent.

[mokus]

Whether consent is legally required or not, as a user I want that service, whatever it is, to not work until I consent to the exposure of my personal data. Given that it apparently has something to do with DRM, I would be disabling the service anyway.

[baybal2]

> Whether consent is legally required or not

Lets not guess it, lets file a complaint, and see if we can get Google sued for n billions of euros.