This isn't about stupid users but about companies deliberately "misunderstanding" while going out of their way to exactly what the law said they shouldn't do and hoping they'll get away with it line they did with the old "cookie law".
Edit: also, another observation from the field: Often the users aren't as clueless as certain lazy admins claim. And I am a sysadmin :-)
I'm a developer and given the things I've seen users do, calling most users stupid would be a gross offense towards stupid people. It is precisely because I know how twisted and convoluted a system could be that I'm incredibly... "Meh" towards the whole cookie fiasco. What's more there's things such as AmIUnique[1], which are pretty significant. In my case some stats:
User agent: <0.01%
Content language: <0.01%
On the subject of content language alone I'm willing to believe I'm more likely to be <0.00000001%. So combine all those together, and I'm pretty sure you can narrow down my identity to a single digit number of possible individuals, if not pin-point me exactly, without bothering with cookies at all. Which makes the whole privacy argument pretty stupid to begin with. Take someone like google and how many people use google analytics. Forget the cookies, forget everything: "oh I know this guy"! Same story with facebook like buttons and whatnot(if I hadn't blocked all traffic from facebook that is).
Edit: also, another observation from the field: Often the users aren't as clueless as certain lazy admins claim. And I am a sysadmin :-)