In brief…

You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent can be implied, but must be knowingly given.

There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).

The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.

The ICO explains its approach, which is...

" ... to focus on sites that are doing nothing to raise awareness of cookies, or get their users’ consent, particularly those visited most in the UK. However, we have maintained a consumer threat level of ‘low’ in this area due to the very low, and falling, levels of concerns reported by members of the public. When consumers raise their concerns with us, we either conduct our own compliance check or write to the organisation concerned asking for an explanation about their compliance.

We have written to 275 organisations since October 2012, specifically about compliance with the cookie rules. We focused our efforts on sites ranked in the 200 most visited in the UK, as these will have the greatest impact on consumers.

Has anyone been prosecuted for non-compliance of this directive since it was introduced?

you'll need to take steps to integrate your preferred solution with the advertising tags on your pages to make sure your users' preferences are respected

Our advertising cookies

To help our partners manage their advertising and websites, we offer many products, including AdSense, AdWords, Google Analytics and a range of DoubleClick-branded services. When you visit a page that uses one of these products, either on one of Google’s sites or one of our partners’, various cookies may be sent to your browser.

Talking Google AdSense only, if someone clicks on the acceptance, or even continues through the site, it's been acceptable, and described as implied consent.

[adsense.blogspot.ie ]

[edited by: robzilla at 4:23 pm (utc) on Jul 27, 2015]

For end users in the European Union:

You must use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site, app, email publication or other property as a consequence of your use of Google products; and
You must use commercially reasonable efforts to ensure that an end user is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the end user’s device where such activity occurs in connection with a product to which this policy applies.

it sounds like a major pain for EU publishers

and obtain consent to, any data collection, sharing and usage that takes place on any site, app, email publication or other property as a consequence of your use of Google products;

The majority are probably in the US, but yea, it sounds like they're going to enforce and it sounds like a major pain for EU publishers.

there is also a valid consent if the Internet user surfs through the website after being clearly and fully informed about the cookies placed.

The language of the explanation of cookies can therefore be dependent on the
target website. Informing by means of a global reference to the general
conditions, privacy and / or permission statements is inadequate.