As of this morning, UK site owners have a year to work out how they intend to compy with the new EU legislation on the use of cookies on their websites. A couple of weeks ago the ICO released a set of guidelines on how best to meet the guidelines, but we found the document to be fairly vague in certain sections. Most people's initial reactions to this has been to have popups to approve/reject every cookie being set on a site, which could lead to a Mrs Doyle approach to the net.
Note: Video contains swearing
VIDEO
A good first step is to explain to your site users exactly what cookies you are using and why. Once you know what's being used you can then identify how to gain approval for their use.
It's interesting to note how the ICO themselves are dealing with the legislation as they are using Sitecore and Google Analytics, both of which automatically set cookies as soon as you load a page. The .Net session cookie set by Sitecore is deemed necessary to the running of the site which, according to their own guidelines, means you don't need to ask for permission. The Google cookies, while not necessary to the running of the site, are seen as a 3rd party inclusion to the site so they can pass the buck. Thankfully Google have set up the ability to opt out of all GA tracking via their site: http://tools.google.com/dlpage/gaoptout
