The European Parliament is to vote on 13 November on whether to make certain web cookies illegal. Most likely it will be those only requiring 'implicit consent' that get the chop.

But if some cookies — the small files used as a type of bookmark by web browsers to store information about users and their web browsing patterns — are banned in the European Union, businesses in the UK alone stand to lose as much £187m, according to a study published yesterday by the Interactive Advertising Bureau.

The ban on cookies is part of a draft legislation package based on a report on data protection drafted by Italian MEP Marco Cappato, which also seeks to deal with unsolicited commercial email, commonly known as spam.

According to the report, the second version of which was approved by the influential EU Citizens' Freedoms and Rights, Justice and Home Affairs Committee on 22 October, the use of cookies by companies is an infringement on personal privacy and therefore a human rights violation under the European Convention for the Protection of Human Rights and Fundamental Freedoms.

"So-called cookies, spyware, web bugs, hidden identifiers and other similar devices that enter the users' terminal equipment without their explicit knowledge or explicit consent in order to gain access to information, to store hidden information or to trace the activities of the user may seriously intrude on the privacy of these users. The use of such devices should therefore be prohibited unless the explicit, well-informed and freely given consent of the user concerned has been obtained," the draft legislation reads. In other words, make them opt-in, or don't do them.

Thousands of e-commerce sites use cookies to authenticate users or store private information and the IAB contends that such a move will keep users from engaging in any type of e-commerce. Users will become so frustrated at having to re-register or re-enter preferences every time they revisit a web site that they will lose interest in e-commerce altogether, the nonprofit organisation said in a statement.

According to the IAB, cookies, far from being a violation of privacy, actually protect users by ensuring they are genuine visitors to a site (as opposed to a person from another computer with a stolen password) and are used to legitimately authenticate and speed up a user's identification and e-commerce transactions.

The European Parliament counters, in its report, that because cookies can be used to build consumer profiles on users by tracking a user's surfing history, a company should have prior permission from that user before cookies can be enabled in a web browser.