I dont believe you should worry yourself about 3rd party sites you link to, as long as they are consistent in your blogroll etc, but you should think about your advertising partners, how they use cookies and also if you keep any logs, logfiles, analytic packages or related.

The decision what to say and where is yours and yours alone, but I would suggest (on the basis that I am not a lawyer etc) that you place in your privacy policy, which you should have clearly linked from all pages, that you:

Do not store any information or data about your visit. We do not store logfiles nor do we use any 3rd party analytics companies.

We do work with Advertiser X who details on http://advertiserx.com/privacy.html how they all forms of data. If you do not wish advertiser X to do this with your visit then their opt out page is at http://advertiserX.com/optout.html. We are recompensed for any advertising that is shown on this site.

Something like the above, adapted obviously for your specific use, would in my (non legal) opinion bring you to a more compliant state.

The choice is yours of course

I run a website that has no cookie use at all, so a user visiting my site will not have a cookie downloaded to their client…all good so far…

I host an advert which I get paid for. This advert, IF clicked on, will redirect a user to the advertiser’s website and place several cookies on the user’s client. This is simply because the external website does use cookies.

I have a blog roll which links to other blogs I like. Some of these blogs use cookies, so if a visitor clicks on on the the blogroll links a cookie may get downloaded to the user’s client.

In short, am I responsible for cookies delivered to a users machine simply due to the fact I link to websites that do use cookies?

Thanks

My understanding, on the basis I am not a lawyer & this is not legal advice (IE I am informed rather than than knowing) is that it doesn’t matter where your server is but it does matter where your company that runs the website / server is based.

Let’s look at a couple of scenarios:
If you run a UK registered business, with visitors from the UK even with a server that is based in the US, then this does apply to you
If you run a business registered in a differing EU location (say Germany, but it could be any EU country), wherever the server may be based, with visitors from the EU then you should deploy the German implementation of this legislation.
If you run any EU business then the Lisbon Treaty allows you to deliver your goods and services to other member states without having to cover off more “red tape”

If though you are a UK based business and only ever get visitors from say the US then this legislation arguably does not apply to you, although there are changes occuring in the US that are very similar to this so it would be wise to comply with this legislation and/or US versions of the same goals.

Ultimately the location of the server does not “directly” have a bearing on whether you should or should not comply but where your business is formally based does have a bearing as does which countries your visitors come from.