As someone who used to build VoIP services, I want to speak in praise of cookies and particularly their use for stateful things like Presence and Call Control.
When I worked on the first class 5 softswitch, we made a bad decision that was based on keeping state of a call on the network. My SOB friend from Harvard filled me in on his advice for the rest of the community that came to late to save me.
Cookies could be used to keep state for end to end calls and would also be valuable to other services like 911.
So the European Rules about Cookies were trying to deal with privacy, but instead has lumped everything in together.
This is all to familar. Often the Privacy concerns are valid and without a master plan, all cookies are lumped together. So definitions are important in this process, but as with almost everything on the Internet the opportunity for innovation will dwarf the decisions presently.
Worse yet, if you are trying to deal with wiretapping and terrorism, you might want some covert cookies.
I honor those with good intentions, but suggest that technological law needs more technologists involved.