The UK government's revised electronic communications regulations require businesses running consumer websites to request permission from visitors before locally storing cookies on users' computers.
This follows the new European Commission e-privacy directive, which comes into force on 26 May 2011 and aims to give users greater control over how they are tracked online.
Christopher Graham, information commissioner at the Information Commissioner's Office (ICO), said in a statement it is giving UK businesses up to 12 months to address the new regulations and "get their house in order".
"Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules," he warned.
The ICO recommends businesses:
1. Check what type of cookies and similar technologies you use and how you use them.
3. Decide what solution to obtain consent will be best in your circumstances.
Cookie use options
The ICO said the most challenging aspect of the new regulations concerns the use of third-party cookies on websites.
George Thompson, information security director at KPMG, said few organisations are prepared for new regulations affecting data management.
Commercial value of cookies
The government is in talks with companies, such as Google and Mozilla, about its default browser settings, which allow users to block cookies.
Kim Walker, partner at law firm Thomas Eggar, said cookies have commercial value for businesses using information to analyse consumers' browsing habits.
"The huge commercial value to businesses of the information made available by cookies means there is a large investment to be made in offering users appropriate and informed choices where the information stored could be intrusive," added Walker.
Malcolm Duckett, CEO of Magiq, said some businesses could be driven to host websites outside the UK and Europe to avoid stricter cookie rules and liability.