No idea, which is why I mentioned it's a vendor related issue.
They could have stood up a regulatory-ish body, or group, that organizations could sign onto, and/or an accreditation organization that does audits to ensure they are following DNT.
Could have also done the simplest thing, the most error-prone, but still something tangible, and said "If you support DNT, add it a DNT-HEADER tag, and if it comes out that an org as using it and didn't follow it, then we will name and shame you". Just like we did with forcing HTTPS, the red icon did the heavy lifting there.
The decision to /not/ do so, seems to be a choice they willingly made, because all three of those options are potentially obvious security and methods of 'protecting the \'net' or 're-wilding the \'net' while also adding another revenue stream to ensure they have the financial bandwidth and personel to make This A Thing, as it should be.
They could have stood up a regulatory-ish body, or group, that organizations could sign onto, and/or an accreditation organization that does audits to ensure they are following DNT.
Could have also done the simplest thing, the most error-prone, but still something tangible, and said "If you support DNT, add it a DNT-HEADER tag, and if it comes out that an org as using it and didn't follow it, then we will name and shame you". Just like we did with forcing HTTPS, the red icon did the heavy lifting there.
The decision to /not/ do so, seems to be a choice they willingly made, because all three of those options are potentially obvious security and methods of 'protecting the \'net' or 're-wilding the \'net' while also adding another revenue stream to ensure they have the financial bandwidth and personel to make This A Thing, as it should be.