As many as 45% of 2,001 internet users aged 16 or over said they were happy for advertisers to track their online behaviour in order to deliver personalised ads, according to the survey results published by trade body the Internet Advertising Bureau UK (IAB) and ValueClick, the online advertising network.
The internet users also said they generally prefer to see fewer adverts that are relevant to them than a higher number of ads of lesser relevance, with 59% supportive of that view.
Only 10% of internet users would be happy to pay for internet content they currently can access for free if advertising on those sites was removed, whilst nearly a third said they had made a purchase on the strength of an internet-placed ad, according to the survey report.
Of those surveyed 89% said they want to control their online privacy, but 28% said they were happy for internet businesses to store and share their personal data if those firms are transparent about the activity. Only 19% of internet users do not "actively take steps" to protect their online privacy, according to the survey results.
Cookies are small text files that record internet users' online activity. Websites store the information on a user's computer, but new EU laws say users should be given the choice whether they consent to websites tracking their behaviour.
The Internet Advertising Bureau (IAB) Europe has developed a voluntary code that requires businesses sign up to display an icon if they use adverts that track users' behaviour. If users click on the icon they are taken to a website that will enable them to switch off behavioural adverts delivered by companies that use the icon.
Under the voluntary code website operators must also give users access to any easy method for turning off cookie tracking on their own site, and must make it known to users that they collect data on them for behavioural advertising. Websites adhering to the rules also have to publish details of how they collect and use data, including whether personal or sensitive personal data is involved. Details of which advertisers or groups of advertisers they make the data available to also have to be published.
However, despite praise for the framework from EU Commissioner Neelie Kroes and the UK's Culture Minister Ed Vaizey, the IAB's voluntary code has drawn criticism from an EU privacy watchdog. The Article 29 Working Party, which is a committee made up of representatives from each of the EU member states' data protection authorities, has said that signing-up to the voluntary code was not sufficient to ensure website operators comply with new requirements for obtaining users' consent to cookies under EU laws.
The IAB has defended itself against the criticism by insisting that its framework was not designed to comply with those privacy laws but that it could be used alongside other methods in order to obtain consent.
Under the EU's Privacy and Electronic Communications Directive storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing".
An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent, for example.
The Directive takes its definition of 'consent' from EU data protection laws, which state that consent must be "freely given, specific and informed". The new laws were implemented into UK law last May. The amended Privacy and Electronic Communications Regulations state that website owners must obtain "informed consent" to tracking users through cookies.
At the time that the new Regulations came into effect the Information Commissioner's Office – the UK's data protection watchdog – said that it would allow a year's grace in its enforcement action providing website operators worked towards complying with the new consent requirements. The ICO is due to begin its enforcement regime from 26 May.
A lack of an adequate technical solution within browser settings to enable user consent to cookies to be expressed was attributed by the ICO as the reason for the year's enforcement hiatus.
Subsequent developments have been made in the US towards the development of browser 'opt out' tools that would enable internet users to control what ads they receive.
In a separate initiative internet companies have been working alongside the World Wide Web Consortium (W3C) on a set mechanism for enabling users to opt out of being tracked across the internet. W3C is responsible for ensuring that web technology is based on an agreed set of technical standards.
Work on that project remains ongoing and aims to establish a 'do not track' standard that would prevent web companies tracking users in order to serve personalised content as well as targeted ads.
Last summer Neelie Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.
The ICO has issued non-prescriptive guidance on how website operators can meet the new consent requirements whilst they await the developments in browser settings.
Consent can also be gleaned from preferences that users choose when visiting a website. Website features, such as videos, that remember how users personalise their interaction can also determine user consent.
The ICO has left it up to individual operators to determine what methods to choose.
The ICO is due to host a press briefing on 18 May where further detail about the way the watchdog is planning to enforce the new laws are likely to emerge.