This conversation would IMHO be more appropriate on mediawiki-l because it affects mainly third parties who care about the higher privacy standards of EU, but thanks for starting it.
On asking WMF legals, no worries, they were already pointed to the possibility of an issue with 2009/136/EC / "EU cookie law" / revised ePrivacy Directive on Fri, 16 Aug 2013 11:18:32 +0200 (no reply received, but I was merely giving a pointer and not interested in following up). Some fines were levied just few days ago, as a quick search reveals: http://www.bna.com/spanish-dpa-levies-n17179882151/.
As for Wikimedia projects, relevant links are * stub https://meta.wikimedia.org/wiki/Cookie_jar * draft https://meta.wikimedia.org/wiki/Privacy_policy/FAQ#Can_you_give_me_some_examples_of_types_of_cookies_and_how_you_use_local_storage.3F * https://www.mediawiki.org/wiki/Requests_for_comment/Performance_standards_for_new_features#Scope_and_issues
I believe most issues with cookies are currently/usually caused by some extensions which unconditionally add one or more. The biggest drive for their removal, so far, has been performance. Sometimes they are replaced with localStorage, which is better for performance, but I have no idea how better for privacy.
Nemo