This conversation would IMHO be more appropriate on mediawiki-l because
it affects mainly third parties who care about the higher privacy
standards of EU, but thanks for starting it.
On asking WMF legals, no worries, they were already pointed to the
possibility of an issue with 2009/136/EC / "EU cookie law" / revised
ePrivacy Directive on Fri, 16 Aug 2013 11:18:32 +0200 (no reply
received, but I was merely giving a pointer and not interested in
following up).
Some fines were levied just few days ago, as a quick search reveals:
<http://www.bna.com/spanish-dpa-levies-n17179882151/>.
As for Wikimedia projects, relevant links are
* stub
https://meta.wikimedia.org/wiki/Cookie_jar
* draft
<https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F>
*
<https://www.mediawiki.org/wiki/Requests_for_comment/Performance_standards_for_new_features#Scope_and_issues>
I believe most issues with cookies are currently/usually caused by some
extensions which unconditionally add one or more. The biggest drive for
their removal, so far, has been performance. Sometimes they are replaced
with localStorage, which is better for performance, but I have no idea
how better for privacy.
Nemo