The only way it ever would have been respected if it was required to cryptographically sign an acceptance of cookies, then the server was required to retain that attestation as proof of acceptance, subject to legal liability if they were found in possession of tracking data without a valid attestation.
Absent enforceability, even when the server actively and maliciously decided to ignore it, it was a toothless solution.
How can you prove that they respect your preferences in those consent theater pop ups?
I think those pop ups are the worst thing that ever happened to the web because they eliminated the moral authority that anyone had to say “it is user hostile to use pop ups”. Once the EU made it appear “required” and even “laudable” or “prosocial” there was no basis to say “you shouldn’t put this other popup in that will make users feel harassed”.
So now we get pages where the popups get in the way of the other popups.
I suppose the formalism around popups, and specifically when the EU decided to start levying fines on entities who used dark patterns to avoid the spirit of "accept/reject must be equally easy to click", convinced me that user-visible was a better way to win the fight.
Granted, it's not a technically optimal solution, but it may be a politically optimal one. Vis-a-vis the people vs the advertising industry.
I'm unconvinced that DNT would have ever garnered the same support as something that people, and specifically politicians, can see. Which would have led to ad money quietly carrying the day.
I'm hopefully after we've chiseled "Thou shalt respect user decisions" in stone deeply enough, we can flip back to enabling a user agent to automatically respond to that question for us.
It does make visible how absurd the situation is. You might imagine an advertising system would require one or two cookies but it's so shocking to see that some ordinary site would have 40 third part cookies. Some of that is the use of these embeds from the likes of Facebook, Twitter and YouTube and some of it is the "knives out" situation where nobody trusts anybody in the adtech universe and the answer is to have 10 different authorities collecting information and assume they can't all be colluding with each other. (e.g. everybody has a reason to understate or overstate views or clicks and naturally there is attrition in the pipeline so the numbers won't add up perfectly.)
The only way it ever would have been respected if it was required to cryptographically sign an acceptance of cookies, then the server was required to retain that attestation as proof of acceptance, subject to legal liability if they were found in possession of tracking data without a valid attestation.
Absent enforceability, even when the server actively and maliciously decided to ignore it, it was a toothless solution.