This isn’t actually a new “policy” – this is the way our JavaScript events for web intents have worked since they were launched back in 2011.
All the documentation on the page you linked to around instrumenting the Follow Button or Follow Intent indicates how to obtain the data on the user that was followed, not the user that performed the follow action. If you’re interested in the user that performed the follow, we have a REST API and authentication system you can use to first have the user grant your application/site the “permission” to know their identity.
Otherwise, you can also use the REST or Streaming APIs to monitor follow events occurring on an account that you control. You won’t be able to identify an end user on your site directly, but one can correlate.