My conclusion would be that under the current GDPR that if someone had the browser setting on, if a company did not respect that setting and kept private data, that they could be reported for GDPR violations and then the issue could be adjudicated, i.e that the courts would then decide if in fact GDPR violations occur by not following that browser setting.
Secondary conclusion - it might be more beneficial if one just contacted the EDPB and said since this browser setting exists and nobody is using it please issue a ruling if the browser setting must be followed, set it to go into effect by this date giving people time to implement it, and if they agreed the browser setting would be adequate to represent your GDPR wishes they might also conclude that it would be an onerous process to make you go through a GDPR acceptance if it were turned on, howe ver as this article is saying that they are "scaling back" the GDPR that would seem to be dead in the water, which is why I said under "the current GDPR".
In the absence of any explicit consent, no-consent is always assumed by the GDPR. The absence of a DNT header definitely doesn't count as consent, so that header is kind of useless, since the GDPR basically requires every request to be handled as if it has a DNT header.
A pre-existing statement of non-consent doesn't stop anyone from asking whether the user might want to consent now. So it is not legally required to not show a cookie dialog when the DNT header is set, which would be the only real purpose of the DNT header, but legislating such a thing, would be incompatible with the other laws. It would basically forbid anyone from asking for any consent, that's kind of stupid.
The GDPR requires the consent to be given fully informed and without any repercussions on non-consent. So you can't restrict any functionality when non-consenting users, and you can also not say "consent or pay a fee". Also non-consenting must be as easy as consenting and must be revocable at every time. So a lot of "cookie-dialogs" are simply non-compliant with the GDPR.
What would be useful is a "Track me" header, but the consent must be given with an understanding to the exact details of what data is stored, so this header would need to tell what exactly it consents to. But no one would turn it on, so why would anyone waste the effort to implement such a thing in the browser and web applications?
Secondary conclusion - it might be more beneficial if one just contacted the EDPB and said since this browser setting exists and nobody is using it please issue a ruling if the browser setting must be followed, set it to go into effect by this date giving people time to implement it, and if they agreed the browser setting would be adequate to represent your GDPR wishes they might also conclude that it would be an onerous process to make you go through a GDPR acceptance if it were turned on, howe ver as this article is saying that they are "scaling back" the GDPR that would seem to be dead in the water, which is why I said under "the current GDPR".