How websites track visitors and tailor ads to their behaviour is about to undergo a big shake-up.
From 25 May, European laws dictate that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies".
These files are widely used to help users navigate faster around sites they visit regularly.
Businesses are being urged to sort out how they get consent so they can keep on using cookies.
Track changesThe changes are demanded by the European e-Privacy directive which comes into force in the UK in late May.
The section of the directive dealing with cookies was drawn up in an attempt to protect privacy and, in particular, limit how much use could be made of behavioural advertising.
This form of marketing involves people being tracked across websites, with their behaviour used to create a profile that dictates the type of adverts they see.
As part of its work to comply with the directive, the IAB - an industry body that represents web ad firms - created a site that explains how behavioural advertising works and lets people opt out of it.
The directive demands that users be fully informed about the information being stored in cookies and told why they see particular adverts.
"Start Quote
End Quote Christopher Graham Information CommissionerIt's going to happen and it's the law."
Specifically excluded by the directive are cookies that log what people have put in online shopping baskets.
However, the directive is likely to have an impact on the more general use of cookies that remember login details and enable people to speed up their use of sites they visit regularly.
It could mean that after 25 May, users see many more pop-up windows and dialogue boxes asking them to let sites gather data.
Data delayThe exact steps that businesses have to go through to comply with the law and gain consent from customers and users are being drawn up by the Department for Culture, Media and Sport (DCMS).
A spokesman for the DCMS said that work on the regulations was "ongoing" but would not be complete by 25 May.
In a statement, Ed Vaizey, minister for Culture, Communications and the Creative Industries, said he recognised that the delay would "cause uncertainty for businesses and consumers".
"Therefore we do not expect the Information Commissioner's Office (ICO) to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies," he added.
Information Commissioner Christopher Graham said: "I cannot bark at the industry at the moment because I have not got the regulations."
However, Mr Graham stressed that the government's confession that the regulations will be delayed should not be a spur to inaction.
"My message is that this is not your 'get out of jail free' card," he said.
The response to complaints about firms that flout the directive will be viewed in light of what they have done to prepare for it, continued Mr Graham.
Businesses should be considering how they will communicate with customers to get consent and look at the technical steps that might make that process easier, he explained.
Early work by the ICO suggests that gathering consent by changing settings on browsers may not be sophisticated enough for the demands of the directive.
"They have to think seriously about this," said Mr Graham. "It's going to happen and it's the law."