
The laws don't define cookies narrowly. Just because you're not using an http set-cookie header doesn't mean you've circumvented privacy laws. For example, UK law:

http://www.aboutcookies.org/default.aspx?page=3

6. - (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment -

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.



Agreed, the new EU ePrivacy directive is not about "cookies" per se, but storing and re-accessing data you store on people's computers. Cookies are the main example of that, but it also applies to anything that can re-identify a user.


In a sense the "Cookie law" is a confusing misnomer. Not only "cookies", but also local storage, flash cookies, plugins, toolbars, and even resources like images, HTML, CSS and JS fall under this law.

The Dutch minister spoke of (freely translated): "Everything that reads or stores your data on your appliance, without permission, without a functional goal other than tracking".

Some techniques like browser fingerprinting ( https://panopticlick.eff.org/ , but also possible with http://modernizr.com/ ) don't store anything on your appliance, but would still fall under the "reading your data from your appliance" part of our law, if used for tracking purposes.

You would need permission to use the "grey" technique from the article. Even if you were to store that data in aggregated form.
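The fingerprinting point made above, as an added example that is not from the thread, from Panopticlick or from Modernizr: a small JavaScript function that derives an identifier purely from attributes a browser exposes (user agent, language, platform, screen geometry, plugin list, timezone offset) without writing a cookie or touching localStorage. The `SAMPLE_CLIENT` object is constructed sample data standing in for `window.navigator` and `window.screen` so the code runs under Node; the attribute list is an assumption chosen for illustration, not either tool's real set, and the FNV-1a hash is a placeholder for whatever digest a real tracker would use.

```javascript
// Added example, not code from the thread or from the linked tools.
// Every input below is a *read* of a browser-exposed value; nothing is
// written to the client, which is exactly why a consent gate that only
// intercepts document.cookie / localStorage writes never sees this run.

// Attribute sources (assumed list, roughly what fingerprinting scripts read).
// Each entry is [label, reader]; readers only touch navigator/screen.
const FINGERPRINT_SOURCES = [
  ['userAgent', c => c.navigator.userAgent],
  ['language', c => c.navigator.language],
  ['platform', c => c.navigator.platform],
  ['hardwareConcurrency', c => String(c.navigator.hardwareConcurrency)],
  ['plugins', c => c.navigator.plugins.map(p => p.name).sort().join(',')],
  ['screen', c => `${c.screen.width}x${c.screen.height}x${c.screen.colorDepth}`],
  ['timezoneOffset', c => String(c.timezoneOffset)],
];

// Read the attributes in a fixed order so the resulting hash is stable
// across visits from the same browser.
function collectAttributes(client) {
  return FINGERPRINT_SOURCES.map(([name, read]) => `${name}=${read(client)}`);
}

// FNV-1a 32-bit over the UTF-16 code units of a string, returned as 8 hex
// digits. Placeholder hash for brevity; the choice of digest is irrelevant
// to the point, which is that the identifier comes from reads only.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i) & 0xff;
    h = Math.imul(h, 0x01000193) >>> 0;
    h ^= str.charCodeAt(i) >>> 8;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// The identifier a tracker would key its server-side records on.
function fingerprint(client) {
  return fnv1a32(collectAttributes(client).join('|'));
}

// True when two clients would be treated as the same visitor.
function sameIdentity(a, b) {
  return fingerprint(a) === fingerprint(b);
}

// Constructed sample client modelled on a desktop browser (not real data).
const SAMPLE_CLIENT = {
  navigator: {
    userAgent: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120.0',
    language: 'en-GB',
    platform: 'Linux x86_64',
    hardwareConcurrency: 8,
    plugins: [{ name: 'PDF Viewer' }, { name: 'Chrome PDF Viewer' }],
  },
  screen: { width: 1920, height: 1080, colorDepth: 24 },
  timezoneOffset: -60,
};

console.log(collectAttributes(SAMPLE_CLIENT).join('\n'));
console.log('fingerprint:', fingerprint(SAMPLE_CLIENT));
```

In a real page you would build the client object from `navigator`, `screen` and `new Date().getTimezoneOffset()`; the attributes differ per visitor often enough that the hash alone re-identifies most browsers across sessions, which is the "reading your data from your appliance" case the comment says the Dutch law still covers.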


If I write a site that logs users in, I keep track of them merely by storing their username in a database as well as a cookie value representing that they are logged in, so do they need to accept terms before logging in?


There is often "implied consent" for storing local data that is strictly necessary to perform an action that a user has initiated.


Some people use browser fingerprinting for anti-spam techniques, would they need to get the spammer's acceptance before enabling this?

As you can see, these European laws border on absurd.


The law covers storing data on a user's computer. If you record their personally identifying information (i.e. user agent) on your computers, then that might fall under the decades old data protection directive in EU.

Also if someone does not consent to storing data on their computer and it's necessary to store it to get it to work, then they cannot use your site. The law doesn't require that your site work fine without local data. That would be silly.



