I believe you are in the minority - most people, even on HN, are probably comfortable (or apathetic :-) ) enough to accept the status quo.
If you are really serious about protecting your privacy online, I imagine you already have your browser configured to deny all cookies except those which you explicitly accept. The tools to solve this problem already exist - either built in to the browser, or easily available as extensions.
I think you are seeing this from a limited viewpoint. There's lots of people out there who don't even understand what the internet is, you'd be lucky if they know what a browsers is. The EU is proactively protecting those people, much like has been done for decades with offline data protection.
I'm genuinely curious about this - what do you think gets done with a browser cookie that actually causes real harm to the user? Perhaps that should be regulated instead of the mechanism for it.
Protecting them from commercial use of their personal data - without explicit consent. In the US it's more of a free-for-all and businesses can get away with much more; in EU countries, their governments prefer to protect their populations from businesses (before anything bad happens). Just a different philosophy.
If you are really serious about protecting your privacy online, I imagine you already have your browser configured to deny all cookies except those which you explicitly accept. The tools to solve this problem already exist - either built in to the browser, or easily available as extensions.