The Information Commissioner's Office (ICO) has published guidelines on the business use and storage of cookies.
Following an EU Directive, businesses are now obliged by law to obtain the explicit consent of each of their websites' visitors before storing any data on their device. Websites must also provide 'clear and comprehensive information' about the purposes of the storage.
The UK actually introduced the amendments on 25 May 2011 through The Privacy and Electronic Communications Regulations 2011. However, website owners have been given until May 2012 to make their websites compliant with the new legislation.
It remains to be seen how strictly this law will be enforced, but the ICO have already introduced a maximum penalty of £500,000.
Internet link: IAB cookie guide