In October of 2009, Europe began the process of making all cookies opt-in as reported here, primarily in response to a growing movement of concern by consumers, but mostly by a smaller group of privacy folks acting on behalf of a public who are mostly in the dark about what is being tracked about them.
The US has also been moving in a similar direction for some time, but has been approximately 18 months behind - which in this case is good! To me, Europe has gone too far - cookies are an essential part of online marketing, the funder of all the great free content and functionality online. Take away cookies and at the very least the web becomes less the experience it is today.
Under the European move each country now has decide how they will implement the ruling. My guess is that the UK will mostly try and bury it in privacy policies (although the updated Telecoms Reform Act in question here tries to block this, the Germans will go for a full 'you must accept this cookie to proceed" ruling and the rest somewhere in the middle.
(When I was dealing with CRM and email systems we used to joke that if it was legal in Germany it was legal everywhere - a good indicator to how seriously they take privacy.)
Thankfully the US has the NAI / IAB and others who have been trying to prove that as an industry we can self-regulate. But this was thrown back at us with a piece of regulation by Boucher that insisted on steps that would take our industry backwards.
As of this week though, legislation proposed by Rush looks to provide a more balanced approach. It accepts the work that has been done by the industry and makes specific provision for it - if you participate in the self-regulation programs, you are exempt from requesting opt-in or providing a global opt-out. And he seems to 'get it', asking regulators to clarify terms such as 'sensitive data'.
Keep watching this story, and start caring about it. It astonishes me how little marketers and agencies know what is going on in this space.