[ben_w]

It’s easier to trust a business to follow a law with teeth than to follow a mere non-binding header that politely requests the same thing.

[jtbayly]

What an utterly useless law. We have a convenient way for people to request universally that sites not track them. So let’s make a law that makes them have to ask “the right way” every. Single. Stinking. Site. On. The. Internet. Every. Single. Time. They. Visit. Every. Single. Site.

One might be forgiven for assuming that the law was actually intending to accomplish the reverse of the stated goal. It gives site owners tons of explicit opt-ins that nobody can complain about, even though they were coerced.

[ben_w]

> We have a convenient way for people to request universally that sites not track them

DNT is utterly ignored to the point it’s officially deprecated in various browsers and the W3C working group for it disbanded:

https://en.wikipedia.org/wiki/Do_Not_Track

> It gives site owners tons of explicit opt-ins that nobody can complain about, even though they were coerced.

Coerced assent is expressly forbidden by GDPR, so we absolutely can and are complaining about this.

[foxfluff]

I believe GPC is considered legally binding under CCPA.

The DSA proposal also has language that appears to be intended to make such headers legally binding: "In order to avoid fatiguing recipients who refuse to consent, terminal equipment settings that signal an objection to processing of personal data should be respected."