This is something that we have been keeping a careful eye on. Unfortunately, it has become very clear that the legislation is vague in a number of key areas, and verging on unworkable in others.
The guidance on third-party cookies - for example, Google Analytics and AdSense - suggests that site owners and third parties are jointly responsible for obtaining consent, but in practice this is very difficult to pin down. Strictly speaking, Google is the owner of the cookies and the associated service, so the site owner is arguably not responsible for seeking this consent.
However, the ICO recently updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.
It should be noted that John Lewis expressly disclaims responsibility for the setting of third-party cookies, and there does seem to be an emerging consensus on this. We have checked the policies of some other companies that offer site building software, and they state that, while the basic site will be compliant, the site owner should check with the provider of any third-party code that they also comply. This is broadly in agreement with our own opinion.
In our software, you might want to add a splash page to the front of your site, explaining that cookies will be used. However, the nature of our software does mean that loading the site will cause these cookies to be set. Therefore, it would be prudent to recommend that visitors who opt out of cookies clear them immediately. Some site owners have also added an HTML banner, like the one offered by http://www.cookiecert.com/ or Silktide.
It is also worth remembering that the ICO will not be immediately enforcing this legislation, and that it is likely that a company or business will avoid prosecution if it is able to demonstrate that it is 'working towards' compliance. The Government have hinted that Analytics cookies are well down its list when it comes to enforcement:
That said, Moonfruit will continue to investigate how we can make compliance simpler for our customers e.g. a widget, links, guides, etc.