Whether or not the ICO decides to take action on a non-compliant website depends on the intrusiveness of the cookie, how much distress it causes and to how many people, said Smith.
"What's much more likely is that we will [issue a notice] that says, in effect, you must remove these cookies or obtain proper consent [from users]," said Smith. "If [they] don't comply with that notice, that becomes a criminal offence and the Commissioner would prosecute."
He also revealed that the ICO will write to 50 "key websites" over the next few days to find out what moves they have made to comply with the new requirements.
"[These are websites] where we see no signs that they have the right steps in place, [and we will be] asking them what they are doing and asking them to respond to us within 28 days," he said. "We will then review them and decide what action to take."
Nick Pickles, director of civil liberties at campaign group Big Brother Watch, said the ICO's soft approach to enforcement could impact on website visitors' privacy rights.
"It's important that a pragmatic approach to enforcement is not seen as an excuse to continue tracking people without their consent," he told IT Pro
"Businesses have already had 12 months to bring their websites into line with the new rules, so we expect people to be taking the deadline seriously and gaining proper consent for the information they want to gather."
