The Information Commissioner's Office (ICO) says "education is key" to getting firms to comply with the recently introduced "cookie law", but is threatening legal action against those who do nothing about complying now.
Cookies are small files that are downloaded on to a website visitor's desktop or mobile device, and are usually designed to make it easier for the visitor to more easily navigate the site the next time they visit or to complete transactions quicker.
The European Commission felt web users should have advance warning of files being downloaded on to their machines, and to be able to stop the process if they so wished.
The ICO is now calling on more firms to move towards compliance, although many larger firms have already made the first move towards complying by at least warning users that cookies are used when they visit sites.
ICO industry strategic liaison manager Dave Evans said: "The vast majority of businesses want to operate within the law, and it is for the ICO to make sure they’re aware - through education - what that means in practice."
He added: "From some initial conversations that involved having to explain what a cookie even was, we’re now at a stage where businesses should know they have to respond to the law."
In the survey of 231 websites by data privacy management firm TRUSTe, only 12% were found to have implemented prominent privacy notices with "robust" cookie controls. Meanwhile, 51% had minimal privacy notices with limited cookie controls, and 37% had taken no steps to comply with the directive.
However, Evans confirmed that no enforcement notices had been issued yet. "Some people will feel we’re not being strict enough, but we’re happy with the work we’ve done in the background to ensure any action taken is credible and proportionate," he said.
The ICO has so far received 380 responses from consumers through its online cookie concern reporting tool.