And without JS tracking is very hard to do at all – a large part of the current tracking from Google depends on JS and/or Flash for detecting unique identifiers of the user.
Do you have a link to "direct approval" regulation? I'm curious as I haven't seen outright legislation regarding how server-side analytics would be limited.
As far as JS tracking, you're right that it does allow for more fidelity in the information retrieved but the server also receives plenty of data that it can use. Many of the device fingerprinting techniques are actually workarounds due to the blocking of 3rd party cookies, but if the site you're visiting is collecting information server-side, then they can just set 1st party cookies which aren't blocked and track you that way. No need for fingerprinting. Even easier if sites have a registration system.
One result of the regulation is the cookie law: You can only start tracking users after you have approval from them.
You may not even set a cookie or store their IP before you have that approval. Direct approval is needed, and, in some cases (like insurances, banks, etc) your site even has to work without tracking.
And without JS tracking is very hard to do at all – a large part of the current tracking from Google depends on JS and/or Flash for detecting unique identifiers of the user.