Information Commissioner Christopher Graham says it is not too late for UK organisations to prepare for the "cookie...
law" deadline at the end of May.
From 26 May 2012, websites need to obtain users' opt-in consent first if they want to install cookies that pass on information about browsing activities to third parties, or risk fines up to £500,000.
Although the EU directive came into force on 26 May 2011, the Information Commissioner's Office (ICO) gave UK businesses 12 months to "get their house in order".
But 95% of UK companies have yet to comply, according to a study by consultancy KPMG that analysed the websites of 55 large businesses.
The clock is ticking, said Graham. "We gave industry a year's grace, but when that runs out we will certainly be responding to complaints about organisations that are not following the rules," he told Computer Weekly.
The ICO's concern, he said, will be with UK companies that cannot demonstrate they have thought about compliance, and that they are in the process of putting something in place to give consumers the right they have under the law to give their consent for cookies to be placed on their machines.
However, Graham said the ICO did not do enforcement for enforcement's sake and that UK companies can still take action ahead of the deadline.
Further reading on the cookie law
The first step, after looking at the advice published on the ICO website, he said, would be to do an audit of all the cookies that a company's systems are placing on other people's computers.
"When the ICO comes to call, we will certainly expect businesses to know what their websites do, we will expect them to be clearing up and getting rid of all unnecessary cookies, and we will expect them to have a plan in place to become compliant," said Graham.