My point is that cookies are, and always have been, an optional feature of the web. If you go back a decade or so, you might remember annoying IE dialogs warning you that "a website is trying to put a cookie on your computer, do you accept?" While cookies may be used for nefarious purposes, they are essential to many, many legitimate features of the web like maintaining a user session, and to an end user, their importance has trained them to automatically click "Accept."

They are so ubiquitous that browsers typically accept them by default now, but they are still an optional feature. This EU mandate could have been just as well fulfilled by required browser vendors to have the accept cookies warning turned on by default and let users turn it off at their peril. Instead, it has just added another chunk of compliance for web workers to adhere to. Users are still going to be the same ol' users who click "Accept" because they want to get into whatever they were trying to get into. Only now, there's a lot more room for lawsuits.

All of that is true. However I doubt you could claim "opt in" because the user's browser accepted the cookie. It's not that easy to get around the letter and spirit of the law.