How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
So they just set up hosting for the site or service in a locale that doesn’t have those laws.
Now what?
That does not matter. If you operate within the EU then you have to abide to EU law.