Security: Prepared for the EU's New Data Protection Regulation?

21.05.2012
Big changes are coming to data protection laws in the European Union. Are you ready?

On Saturday, the U.K. will begin to enforce the amended Directive on Privacy and Electronic Communications, better known as the E-Privacy Directive, which it passed last year. Meanwhile, all 27 member nations of the economic and political confederation are debating much broader draft legislation, introduced by the European Commission (E.C.) in January, which would reform and harmonize data protection laws across the E.U.

The E-Privacy Directive, which the U.K.'s Information Commissioner will begin to enforce on May 26, requires consent for all non-essential tracking of individuals as they traverse the Web, whether that tracking involves tags, cookies or other tracking technology. In other words, Websites must inform consumers in detail about any tracking that takes place on the site and obtain consent before proceeding with the tracking.

Like many other European data protection laws, the U.K.'s implementation of the E-Privacy Directive is an outgrowth of the Data Protection Directive, adopted by the E.C. in 1995 and intended to apply a set of common rules and safeguards for personal data throughout the member countries of the E.U. But because it was a 'directive' rather than a 'regulation,' it was up to the individual member countries to implement specific laws.

In the 17 years since the E.C. adopted the Directive, E.U. member states have adopted a patchwork quilt of data protection laws that vary in both their language and their penalties for non-compliance. For example, when it comes to the E-Privacy Directive, some of the member countries adopted opt-in laws, others adopted opt-out laws and still others have considered annual consent procedures.