It sounds like websites control your computer.
HTTP is a stateless protocol, which means between page loads, the web server normally has no way to know who's who. Cookies solve that, by letting each visitor identify itself every request. It works as follows:
<visitor> I'd like to look at this web site.
<server> Sure, here's the web site. Also, next time you visit, give me this cookie (a number), so I know who you are.
... time passes ...
<visitor> I'd like to look at another page. Here's that cookie you gave me last time.
With this absurd legislation, the server would have to ask permission for the visitor to return the cookie? It doesn't make sense! It's up to the visitor to return the cookie!
Or maybe the exchange would be more absurd:
<visitor> I'd like to look at this web page.
* visitor reads page
<visitor> OK, I accept the policy.
<server> Who are you?
<visitor> I'd like to look at this web page now.
The legislation is just a poor attempt at solving the problem that most users don't know how to control their software.