According to new research, the vast majority of online firms in the UK probably do not comply with the EC's Privacy and Electronic Communications Directive. A study by web analytics firm WebAbacus found only four percent of sites appeared to fully comply with new restrictions on the use of cookies.

The privacy regulations came into force on the 11 December. Regulation six of the directive says that internet users should be offered the opportunity to opt out of cookies - technology that adds a small piece of software onto the user's computer and can then be used to track and measure their behaviour online. Just four percent of sites complied with this, though some may be able to claim exemption if cookies are essential to the running of their sites.

Of 50 companies surveyed by WebAbacus on 2 December, just two achieved "excellent compliance". WebAbacus looked at 10 companies' e-trade sites in each of five online shopping areas: appliances and electronics; UK department stores; toys and hobbies; groceries and alcohol; and music.

Twenty-two percent of sites offered "fairly good notification" about cookies. WebAbacus said these sites were "above average but still not compliant". Thirty-two percent of sites offered notifications that were not so clear; and a substantial 42 percent offered either no notification, or warnings that were "very poor".

Kim Walker, e-business solicitor at Infocus, commented, "As e-business is probably the most regulated area of business ever, some companies may be overwhelmed. We always check for cookie compliance as part of our compliance checklists."

Walker said that to comply with the regulations firms must state clearly in their sites' privacy policies and terms and conditions where, how and why cookies are being used. She said that these notices should be accessible within just a few clicks of each site's main page.

The UK has adopted the new rules, but last week the EC launched infringement proceedings against nine member states that have not yet done so.

Subsequent research by WebAbacus, looking at a wider sample of sites, found that the compliance figures changed little. In a sample of 99 sites just two percent fully complied with privacy regulations, while 24 percent presented no privacy policy and no explanation about their use of cookies.

Ian Thomas, marketing director at WebAbacus, said the poor compliance was unsurprising as the wording of the law allows firms to use cookies without an opt-out when "they are essential to the site". He added, "It will be interesting to see how much compliance there is and how many firms simply say that cookies are essential."

WebAbacus itself uses a cookie-based tracking system. Thomas said it is very useful for identifying how the company's site is used, and is the least intrusive way of monitoring activity. He added that whenever the firm's clients use the system they have an opt-out mechanism.