This law targets the wrong problem. It should not be something that millions of websites have to comply with. This should be down to the dozen or so browser makers being forced to include better cookie management tools in every browser.
Agreed, it should be browser-based: that is the ONLY possible way. People have been saying that for years!
Also: define "cookie" - is it all cookies or permanent ones only, for example? What about temporary / session cookies, which as far as I know cannot be suspended at all on IIS sites (or if they can it's allways or never).
Apart from that, there are an awful lot of web sites that fall outside the UK jurisdiction - there's that little country USA, for example...
The ICO should instead buckle down to preventing things like DPI and other serious privacy issues that WE can do nothing about, either as users or webmasters.