Disclaimer: I’m not a legal expert and this is just some thoughts on the matter that I hope will be useful, it’s not intended as legal advice.
UPDATE: skip to the bottom of this post for the latest!
There’s a good summary of what the EU Cookie Law is and means here.[footnote]It’s a commercial site but offers a clear explanation.[/footnote]
There may also be cookies issued by 3rd parties such as plugin providers and other software or services used within the site such as commenting/analytics services.
It’ll be interesting to see how the EU WordPress community responds to the legislation: it’s likely that a best practice will emerge over the coming months if the law looks like it’s actually anywhere near enforceable anyway.
I know that’s not a 100% comprehensive answer, but hopefully it’s useful as a reference. Please do sound off in the comments with any thoughts, advice or resources – thanks!
UPDATE 2: This is the best bit of advice I’ve seen – it’s a plugin that points out that the DMCS (the department that oversees this issue) doesn’t have a pop-up, just a policy (and their policy is here). So, until they introduce a pop-up, then I’d say you’re safe with a policy only, but again this is not authoritative, just a discussion of the situation.