The EU Privacy Directive relating to this was first introduced in May 2011 and at the time it was argued that businesses in EU member countries need to be given time to amend their websites in order to comply with the new regulations. The UK government updated their Privacy and Electronic Communications Regulations in response to the EU Privacy Directive, and has given websites until May 26th 2012 to comply.
Here is a short video which explains what it is all about.
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
That basically means if your website includes cookies (INCLUDING GOOGLE ANALYTICS) you must ask site users to agree to accept the cookies each time they view the site.
For most businesses this is simply a case of adding a disclaimer notice with a box that the customer needs to tick in order to enable the cookies. Most sites will still work without the cookies enabled, however if cookies are present then the disclaimer needs to be there.
What worries me is that most small business owners are probably not even aware if their site has cookies or not. Therefore unless their web developer has advised them of the new directive they may not know that they need to take action or how little time there is left.
The ICO is unclear on how strict it will be with enforcement of the laws, however it does have the power to enforce fines on businesses of up to £500’000 so my advice would be to do what you can to comply now rather than having to fight the fines later.