It's a terrible thing, good only for lawyers. Nobody understands what cookies are anyway, most people think they are tiny little programs that steal their privacy in some magical way.
And nobody cares about that level of technical detail either, and why would they?
If the gov't is so keen on regulating Web stuff, they should have a regulatory body that reviews and audits Facebook's and Google's internal handling of user data, to make sure thay actually don't abuse them secretly.
This cookie thing doesn't make any difference for privacy protection at all.
I hope it will raise awareness, but my cynical expectation is that the "Accept" button will become one people press habitually to get rid of an annoying banner. Sites abusing the Facebook Like button as a gateway to content are a proof of concept that this might happen.
Considering web browsers already have cookie controls built in it seems a bit silly incur such an enormous cost in implementing a completely redundant feature.
I think the effort would be better spent on publishing transparent descriptions of what data collected and what it is used for than for designers to each create their own non-standard dialog boxes. The cookie issue could be "fixed" (to the extent possible with pointless legislation) with a link to an EU-published HOWTO on configuring a web browser.
Most people don't understand the difference between "Google" and a "Browser" [1], cynically, I don't hold much hope people will care what browser cookies are.
I've already had to explain to my parents that cookies aren't evil, the sites they visit (BBC/Google etc) are mainstream and fine.
As an EU resident and webmaster of several sites for myself and clients. I see little benefit to my visitors other than causing me a lot of grief over trying to follow guidelines and hoping my implementation doesn't break them.
I was speaking to a client about it today, he hasn't seen anything about it and I doubt many small business owners have seen (or cared) much about it.
Definitely, it is not. Users already "opt-in" by configuring their client to accept cookies. Users could be more aware of that and use their clients appropriately if they don't wish to be tracked, but instead there will be this new layer of complexity by which a users opts in. Users (much like they have with their browser security settings) will grow accustomed to blindly opting in like they always have because it makes the thing they're trying to use work. Only now, we have an extra bit of work to do.
My point is that cookies are, and always have been, an optional feature of the web. If you go back a decade or so, you might remember annoying IE dialogs warning you that "a website is trying to put a cookie on your computer, do you accept?" While cookies may be used for nefarious purposes, they are essential to many, many legitimate features of the web like maintaining a user session, and to an end user, their importance has trained them to automatically click "Accept."
They are so ubiquitous that browsers typically accept them by default now, but they are still an optional feature. This EU mandate could have been just as well fulfilled by required browser vendors to have the accept cookies warning turned on by default and let users turn it off at their peril. Instead, it has just added another chunk of compliance for web workers to adhere to. Users are still going to be the same ol' users who click "Accept" because they want to get into whatever they were trying to get into. Only now, there's a lot more room for lawsuits.
All of that is true. However I doubt you could claim "opt in" because the user's browser accepted the cookie. It's not that easy to get around the letter and spirit of the law.
Why? It will make people better aware of what cookies they have, and how they are used. Which is probably a good thing.