It’s one thing to track how users are using forms and seeing where they drop out, for example on a checkout. It’s another thing entirely to save the data from those fields.
Collecting personally identifying information without explicit consent seems like a great way to get into trouble. Implied consent is no consent at all.
Would you also support Wallmart following you around their store, keeping track of which isles you walked, which way you looked, conversations you had with your spouse next to you as you shopped, etc?
It's their store. They should be entitled to own everything about you when you walk into their store, right?
I mean, Walmart almost certainly do track everyone's movement around their stores to see how to improve their conversion rates.
When I worked for UK financial company we would track how far people were going through our form wizard to see where the paint points were. The personal information never left the web page, but it would report back telemetry telling us how many people dropped out at each stage. That helped us to do split testing, e.g. does this label make more people fill out the form, etc.
Collecting personally identifying information without explicit consent seems like a great way to get into trouble. Implied consent is no consent at all.