The EU ePrivacy Directive (AKA the Cookie Law) come into force in the UK on 26th May 2012 and elsewhere in Europe shortly afterwards.
The law aims to protect the privacy of EU citizens as they use the internet, and actually covers several aspects of privacy, not just cookies. The UK Information Commissioners Office (ICO) says:
“Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
The Regulations are not prescriptive about the sort of information that should be provided, but the text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device should they wish to do so.”