Thinking about legal issues surrounding IT

Attorney Masako Mizumachi's IT and Information Law Blog

Cookies regulated under the e-Privacy Directive (Cookie Directive)

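The 2009 amendment to the EU Directive on privacy and electronic communications (commonly known as the e-Privacy Directive) newly introduced the following restrictions on cookies.

Specifically, cookies and similar technologies may not be used unless the user's prior consent has been obtained after the purposes of the cookies etc. have been clearly explained to the user.
In addition, the user must be given an opportunity to refuse cookies etc. in a form that is easy for the user to understand.*1

EU Member States are required to transpose this into national law by May 25, 2011.

The EU e-Privacy Directive is available at http://europa.eu/legislation_summaries/information_society/l24120_en.htm#amendingact .

For reference, the provisions relating to the above cookie regulation are quoted below.*2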

Recital
(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.

Article 5(3)
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.

Links to the clear explanation of this matter by the ICO (the UK Information Commissioner’s Office) are also provided below.

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
http://www.ico.gov.uk/~/media/documents/pressreleases/2011/data_protection_officer_conference_news_release_08032011.ashx

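*1: Although there is room for interpretation on this point, Recital (66) refers to the right to refuse, so it is understood that an opportunity to refuse must be given.

*2: The text of the 2009 amendment is available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:01:EN:HTML .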