The Department of Trade and Industry has announced details of how the UK will implement European law concerning privacy and electronic communications. It said that when companies use cookies, or similar tracking devices, they must tell users and give them a chance to refuse the technology. This could lead to many web sites having to be altered.

A DTI spokesman said that companies would either have to alert visitors about the potential use of cookies on the first page of web sites or direct them to another page where they can agree to - or decline - the use of cookies. "Companies must give users the chance to opt out," he added.

Enforcement would be the responsibility of the government's Information Commission. Iain Bourne, strategic policy manager at the commission, said ensuring compliance would be a mammoth task.

"The sheer scale of this presents an enormous problem for us," he said. "There is a basic transparency problem, but we think that if someone uses a cookie [or similar device] that profiles the user, then it is an invasion of privacy. Users should have the right to say no."

On its web site, the Information Commission provides guidance on the use of cookies, where it warns: "It is important that at least some reference to the use of tracking technology is clearly displayed to all site visitors." In a study of 170 web sites last year, the DTI found that the majority used cookies.

The commission found that all the web sites it examined collected at least one kind of personal, demographic or sensitive information, yet fewer than half of these sites included an explanation of why this information was being gathered.

The commission discovered that almost half of the organisations placed a cookie on the user's computer, and in almost one in four of these cases a third party placed a cookie on the user's computer.

Companies already using cookies may find that the government intervention limits the type of services that they can offer to their users.

Andy Kitchener, chief executive of e-business solutions provider Shopcreator, said that most businesses use cookies simply to enhance the user's experience and to simplify online processes. Kitchener added, "As a business you are not interested in individual user behaviour, but groups of users."

John Barker, a lawyer at Last Crawthra Feather, said it was best practice for firms to obtain consent from their users when collecting data, and his company advises its clients to inform users of the presence of cookies. However, he said the suggestion that businesses should devote a large part of the homepage to an alert message was "unreasonable". Barker added: "It distracts from the web site, but it would be a good idea to have a link that explains the use of cookies somewhere on the site."