Only just caught up with this from November:

“European Union digital privacy rules came into force Friday requiring companies to get consent before sending e-mail, tracking personal data on Web sites or pinpointing callers’ locations via satellite-linked mobile telephones. ” Full Article

But they leave it up to each individual country to work out enforcement. Interesting it includes rules that require companies to get permission from web site visitors before using cookies to collect information. Which is clearly reflective of the European penchant for privacy, but in practicality might not be easy – most web servers use cookies as soon as the visitor hits the site, for things like site statistics.

Having to ask every person who lands on your site if it’s ok to set cookies would be tedious. And if they say ‘no’, you can’t then do what would be standard practice to remember a preference – set a cookie! So they’ll be asked everytime they come to your site – a never ending circle.