I have just been pointed in the direction of the new-look ICO website, which now sports this banner at the top of the page (I've added the bold):
I accept cookies from this site. 
I think most users would agree that the new look is pretty ugly. I think web designers would be sacked if they came up with it. I'm not sure that clients would be very pleased if their lawyers told them to do it either. And worst of all, it doesn't even seem to fix the problem (note the giveaway confession: "one of the cookies we use ... has already been set").
UK law already fudges the issue. The EC Directive doesn't say that browser settings are a legitimate way to get consent but the UK Regs implementing the Directive say:
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
I'm not sold on this at all - if most users don't read their browser settings, isn't it stretching the legal meaning of consent to argue that failing to change a browser setting can amount to consent? Consent has to be informed, specific, freely given and must involve some positive action on the part of the consenter. Surely failing to untick an option hidden away in some options menu in your browser won't work ... ?
The Information Commissioner has been praised for being "pragmatic" in his interpretation of the law - though that sounds like a euphemism for "not doing what the Directive says" to me. Today, he's being even more "pragmatic" and giving website operators a year of non-compliance before he'll do anything about it.
I thought this was also an opportunity to roll out in the post title an old line I wrote in an article in 2003, which I suppose goes to show that the legislators have still not got to grips with what to do with cookies.