Why the fuss?
This is really simple (and for once, the EU got it right).
* If you're using Session cookies, you don't need to change anything. Implicit consent is fine.
* If you're using tracking cookies (for cross-site advertising), then the law is quite rightly targeting you. Basically that behaviour is pretty evil, and although you can persuade the user to waive their privacy rights by "accepting" the tracking, this shouldn't happen.
* 3rd party analytics (eg Google) and non-tracking advertising are the grey-areas.
Here's a simple test;: if the average geek would consider your cookie beneficial to him, then you don't need to ask for consent. If you think the average geek would prefer to reject your cookie, then you do need to ask for consent (but you shouldn't be using that type of cookie anyway).
Another way of looking at this: very few businesses work with the "free content, ad-supported" model. Some do (eg The Reg; Facebook). But, If you aren't reliant on advertising, then this rule doesn't affect you, (or you are completely incompetent.)