alt Hacker NewsBack in the day we used to track user activity via a "hit id" (basically a random string) that was generated on the backend that added a "post" request to every page.
Idk if that was a good idea or not.
We depended on cookies for your cart and stuff.
The regulations are about tracking, and a chain of form fields and a cookie need to follow basically the same rules.