Consent will be required for cookies in Europe
New complications on the horizon for technology firms in Europe.
As posted on November 13, 2009 by Patricio Robles of econsultancy.com, new legislation in the EU will restrict the use of cookies. It reads:
Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities. [Emphasis added]
As Robles argues, “this essentially requires that users be notified every time a cookie is to be placed on their machine unless that cookie "is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested". The big question, of course, is how you define "strictly necessary". Whatever isn't "strictly necessary" would require that the user somehow be informed that a cookie is going to be placed on his machine, and essentially consent to having it placed. From online advertising to the implementation of personalization functionality, this directive has the potential to wreak havoc.”
Struan Robertson, editor of OUT-LAW.COM and a technology attorney with the UK law firm Pinsent Masons, explains that the current law, a provision of the Privacy and Electronic Communications Directive, says that sites using cookies must give visitors "clear and comprehensive information" about the purpose of the cookies. It also says that a site must offer visitors "the right to refuse" the use of cookies. There is an exception for cookies that are "strictly necessary" to provide a service "explicitly requested" by the user. Consequently, no cookie notices are required to serve a cookie that helps a shopper get from a product page to a checkout; but notices are required for cookies that are used in traffic analysis or advertising.
When the original law was passed in 2002, the main question was how and when these notices must be given. What does a "right to refuse" require of a website? The UK's data protection regulator took the view that a notice in an easy-to-find privacy policy will suffice. That approach, it seems, prevailed across the EU and, to our knowledge, there has never been any action against cookie transgressors.