Websites in the UK have to change the way they track users from now on, with sites having to receive 'implied consent' from visitors that they don't mind the site keeping tabs on their online movements.

The law has been mooted for some time and originally required 'explicit consent' from site visitors before certain pop-ups and the like are revealed.

But there was a last minute change to the legislation, which means sites have to obtain just 'implied consent' – this is friendlier for businesses but knocks the UK out of whack from the rest of the EU when it comes to the transparency of cookies.

Although it is thought many UK-based sites will not be ready for the law, the Information Commissioners Office (ICO) is looking to report back on sites that are not obeying the directive and there's the slight possibility of a £500,000 fine for those who flout the law.

Implications of a click

As with any new law put into place, confusion reigns over proceedings. According to Rob Rachwald, director of security strategy at Imperva, the law is a good way of teaching consumers about how websites track them but is too vague to have much effect.

"Websites and internet technology have become so complex that it is impossible for a typical consumer to understand the implications of a simple click," said Rachwald.

"This law will hopefully help people understand that cookies are the keys to personal information and present a threat if exploited, stolen, altered, harvested or hijacked."

Rachwald continued: "The legislative thinking is that ambiguity forces the private sector to experiment with different approaches until somewhere, somehow someone finds the right way."

Speaking to the BBC about the cookie law, Dave Evans, group manager for the ICO, believed that businesses have had long enough to prepare themselves for the new legislation: "Given that everyone has had a year [to comply], we're going to shift from that kind of approach to one which will be very much more focused on those people who don't appear to have done anything and asking them 'why not?''

So, if you run a site you better swot up on what you need to do before the cookie monster is unleashed.