The Electronic Frontier Foundation (EFF), along with Medium, DuckDuckGo, Disconnect and Adblock, announced a new Do Not Track standard that promises to be both stronger and more practical for websites to adopt.
After a few years of arguing between browser vendors, privacy advocates, advertising companies and websites, all major browsers now support the Do Not Track standard. However, the current standard is completely optional for websites to follow, even if all browsers keep it opt-in rather than opt-out.
Users still need to enable it first in their browsers before the request header is sent to the websites. Then the websites and other third-party sites can decide whether to respect it or not. The advertising networks particularly didn't like it when Microsoft decided to implement it by default in Internet Explorer, removing user choice from the equation.
Of course, being optional, the ad networks didn't have to follow the standard anyway. However, they might have been worried that it would look bad for them to not comply with the DNT request, so they decided to persuade Microsoft to make DNT opt-in for its browser as well. They finally succeeded earlier this year, when Microsoft agreed to make DNT opt-in in the new Windows 10 Edge browser.
In the new DNT standard, there's a distinction between the first party and third parties. If the first party (the website you're visiting) complies with DNT and accepts the tracking restrictions set forth by the standard, then the third parties won't be able to collect data on the users unless the users interact with those third parties directly. For instance, a social media "like" button won't be able to collect data on the users automatically unless the users click on that button.
According to the new DNT standard, all compliant entities should not collect unique identifiers such as cookies, fingerprints or supercookies from DNT users. The new standard also limits how long websites can retain user data -- it's a maximum of 10 days, after which they can only keep aggregated and de-identified records for modelling readership patterns, usage statistics and so on. The policy also provides guidelines to ensure the users won't be re-identified.
There are also some exceptions to these guidelines, such as when the data needs to be retained for law enforcement purposes (according to law) or when it's needed to perform a transaction, such as when an address is necessary for a package delivery.
According to the EFF, if a site has obtained clear permission from its users to track them in order to support the site financially or for other reasons, then the site can also remain DNT-compliant.
When sites don't want to abide by any of the new DNT guidelines, their trackers may simply be blocked by extensions such as Adblock, Disconnect and EFF's own Privacy Badger, giving sites an incentive to respect the users' DNT requests.
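As an added illustration (not code from the EFF or from the standard itself), this is one way a site could apply the collection and retention limits described above to its own request log. The record layout, the function names, the `MIN_BUCKET` threshold and the choice to apply the limits only to requests carrying `DNT: 1` are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=10)  # maximum retention named in the article
MIN_BUCKET = 2  # assumption: smallest aggregate count kept, to resist re-identification

def is_dnt(headers):
    """True when the request carries DNT: 1 (header names are case-insensitive)."""
    return any(k.lower() == "dnt" and v.strip() == "1" for k, v in headers.items())

def make_record(headers, path, client_id, ts):
    """Log one request; a DNT user's unique identifier is never stored."""
    dnt = is_dnt(headers)
    return {"ts": ts, "path": path, "dnt": dnt,
            "client_id": None if dnt else client_id}

def enforce_retention(records, now):
    """Return (records still retainable, de-identified counts of expired DNT records)."""
    kept, counts = [], Counter()
    for rec in records:
        if rec["dnt"] and now - rec["ts"] > RETENTION:
            # Past the limit: only a per-day, per-path tally survives.
            counts[(rec["ts"].date().isoformat(), rec["path"])] += 1
        else:
            kept.append(rec)
    # Drop tallies so small that they could single out one visitor.
    aggregate = {key: n for key, n in counts.items() if n >= MIN_BUCKET}
    return kept, aggregate

def demo():
    """Constructed sample traffic, not data from any real site."""
    now = datetime(2015, 8, 20, tzinfo=timezone.utc)
    day = timedelta(days=1)
    records = [
        make_record({"DNT": "1"}, "/a", "cookie-111", now - 3 * day),
        make_record({"dnt": "1"}, "/a", "cookie-222", now - 11 * day),
        make_record({"DNT": "1"}, "/a", "cookie-333", now - 11 * day),
        make_record({"DNT": "1"}, "/b", "cookie-444", now - 12 * day),
        make_record({"DNT": "0"}, "/a", "cookie-555", now - 30 * day),
        make_record({}, "/b", "cookie-666", now - 30 * day),
    ]
    return enforce_retention(records, now)

if __name__ == "__main__":
    kept, aggregate = demo()
    print(len(kept), "records kept;", aggregate)
```

The lone expired visit to `/b` is discarded rather than aggregated, because a count of one would still describe a single visitor.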