New regulations on website use of cookies came into force at the weekend with lawyers warning a majority of travel businesses have yet to comply.

The changes extended the existing Privacy and Electronic Communications Regulations to cookies – the data packets automatically downloaded to users’ computers when visiting a website.

However, lawyer Charlotte Black of specialist law firm TravLaw warned that as many as four out of five industry websites could be failing to comply, putting businesses at risk of enforcement action.

The new regulations mean websites require a user’s consent before cookies can be downloaded.

Cookies bring benefits to users, allowing pages to load quicker and retaining log-in details, but they also track web users’ behaviour.

Black told Travel Weekly: “The law as it stands is rather confusing and ambiguous. There are a multitude of grey areas which in certain circumstances make it almost impossible for a business to comply.

“The Information Commissioner’s Office (ICO) has powers to enforce these regulations. The sanctions for breaching them involve heavy penalties and criminal sanctions – up to £5,000 per breach if dealt with in a Magistrates Court, unlimited if dealt with at a County Court.”

She warned: “Industry-wide this has the potential to cost hundreds of millions of pounds.

“Yet the ICO has done very little to clarify the issues, perhaps because the area is so complex.”