At its most basic level the Data Protection Act 1998, and the Data Protection Directive 95/46/EC which it implements, has provided, until recently, the guidance on the requirements of Data Controllers, in this case owners of websites that use cookies, how to treat claims related to privacy infringements and the consequences in cases where the controller had failed in its duties.
The main change to it has come with the Privacy and Electronic Communications (EC Directive) Regulations 2003 which now enforces active consent on the part of the user to store cookies on its computer except for cases of ``implied consent'' where their use is a necessary requirement to provide the service requested.
One problem with this legislation