European data watchdog the Article 29 Working Party (WP29) has released guidance recommending that so-called device fingerprinting is bound by the same rules as cookies, and should be done only with explicit consent.
The WP29 device fingerprinting report (PDF) said that the practice presents serious data protection concerns for individuals.
"This [report indicates] to third parties who process device fingerprints which are generated through the gaining of access to or the storing of information on the user's terminal device that they may only do so with the valid consent of the user (unless an exemption applies)," the report adds.
The UK Information Commissioner's Office, which installed the cookie rules locally in 2012, explained that the same rules will apply to device fingerprinting.
"The ICO has always been clear that the law around cookies also applies to similar technologies," said a spokesperson.
"The Article 29 opinion adopted this week, which the ICO played a key role in drafting, confirms that digital fingerprinting can be such a technology.
"Digital fingerprinting can access information stored on a user's machine in a similar way to a cookie, for a range of purposes. With that in mind, it is sensible to consider that the law can apply to some uses of digital fingerprinting in the same way it does to cookies."
The ICO added that digital fingerprinting provides enough information to identify an individual, and that this has data protection as well as privacy implications.
The WP29 report said that firms have used device fingerprinting as a way to avoid the consent conditions of current legislation.
Many web firms use device fingerprinting in order to gather information on a visitor to their site and then present information to them, such as adverts, based on their previous browsing history.
Stewart Room, head of data protection and cyber security at PWC, said that the Article 29 guidelines are a continuation of efforts to shore up local data laws and bring a more 'consent-led' approach to internet monitoring.
"The EU regulators want to move the internet as far as possible to a consent-based system wherever the processing of personal data is concerned," he told V3.
"The tracking and profiling of internet use is a top-level privacy worry for the regulators, so it is not surprising that they have formed the view that device fingerprinting needs cookies-style prior consent where there is access to, or storage of, information on the user's equipment."
The move comes as Europe also looks to enforce its so-called Right to be Forgotten ruling on Google in all parts of the world.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago