They don't care about users who don't pay the bills.

This isn't about advertising - you can still advertise just fine, even more so on a search engine where the benefit of tracking is limited as the user explicitly tells you what they're searching for.

They were fined for tracking to detect ad fraud. Advertisers are paying per click, often quite a lot, and if you charge them for clicks that don't represent real humans they get grumpy and go advertise somewhere else.

For that matter, browser + ip fingerprinting can be server-tracked anyway, if less reliably overall. Especially with JS enabled. There are lots of tricks that can be used for this.

Aside, wonder how good/bad ip+agent fingerprinting could be combined with a url that feeds a small randomly generated string with a VERY long cache expiration, with server/proxy no-cache headers (e-tag per agent/ip). Effectively similar to a cookie, without technically being a cookie.

But serverside tracking without consent would still be illegal, right? GDPR does not make a difference between cookies and other mechanisms.

Setting cookies involves you telling all your visitors that you're tracking them. How would the server-side tracking be detected?

Fingerprinting still requires a lot of client-side information. Sending that to the server for no good reason may prompt some questions.

I expect Microsoft would still disclose it in their privacy policy. Or be vulnerable to a whistleblower.

It's not "tracking" it's just ensuring a "consistent user experience throughout our ecosystem".

/sarc

The tracking they were fined for was for ad fraud detection, not personalization.

Fair enough... didn't know, since I'm in the US and don't deal with EU on a business level.

Not clear in this case, since while detecting ad fraud doesn't meet the "strictly necessary" requirements of ePrivacy (necessary for storing the cookie on your machine) it is still an open question whether the GDPR requires user consent for it. (Lawyers at advertising companies think that you don't, but that doesn't mean they're right)

It is but it's a hell of a lot harder to prove.

They do, because they operate a service to lure those users in so another set of people pay money to show ads to the first set.

*They don't care about users because users don't pay the bills.