The relevant authority in the UK is the Information Commissioner’s Office (ICO), which is responsible for enforcing the Data Protection Act and upholding freedom of information.
An FAQs page for organisations on cookies by the ICO.
Detailed Guidance Document (PDF) from the ICO on cookies. For the use of cookie banners, pages 19 and 20 are particularly relevant, but the document sets out a lot of information about all facets of the cookie provision and is a very insightful read.
On the topic of prior consent, the ICO states that in principle cookies should not be dropped before consent is given. It concedes, however, that in reality it is difficult for a website publisher to ensure users are adequately informed before cookies are dropped.
“Wherever possible the setting of cookies should be delayed until users have had the opportunity to understand what cookies are being used and make their choice. Where this is not possible at present websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options.”
Regulation 6(3) and (3A) provide that consent only has to be given on the initial use of a website, and that consent can be indicated by the settings of the user's web browser. Additionally, the 2011 amendments created the possibility of consenting via web browser settings. However, as explained above, current web browsers are not considered sufficient for giving meaningful consent.