No more trust
Topics all sounds fine and dandy when described in this way, but who can trust the actual implementation? How do I know what topics my browser is flagging? How do I know that what my browser is telling me it's collecting and sending is what it's actually doing? How do I know this stuff gets deleted when they say it does? How do I know that the topics sent by my browser aren't being collated against my IP, browser name / version, OS name / version etc etc, and kept somewhere else?
The reality is that we don't, and there is no way to fix this as long as user privacy is dependent on trusting any server to respect ther privacy. The trust model has to be flipped around on it's head, where data is controlled by the user. I'm sure someone (much) cleverer than me can work on the technical details, but what is needed is something like an encrypted token with user data that automatically expires after a certain time. The user enters, controls and owns the data. If some data is required to make a site work (ie online shop or ticket booking), the site only gets the data it needs and nothing else. Users can put sites in trust categories and manage trust settings per category so they don't need to faff about with settings all the time. 3rd party sites don't get any data. And if ad networks want to get any demographic information, they have to pay the user directly. Then the user can make that choice whether to sell their data or not, instead of Google vacuuming up the data by brute force or stealth and selling it off.
Of course users also have the choice of whether they want to pay for services like gmail, google maps etc by releasing their data or by paying cash - there are no free lunches. But at least it's explicit what's going on, and Google's monstrous profits give some strong clues about what the value of the user data it collects from these 'free' services really is compared to the cost to Google of running these services.
The other thing is to stop browsers sending all the details about browser type, version, OS type and version, in fact any details about what hardware / software it's running on. A web site should not need any of this information to serve a readable webpage, that's what web standards are for! (the single concession I would make to this is whether the device is mobile or not)