cookies confidentiality

Cookies policies for big companies


Big companies tend to have stricter cookie policies and tend to stay longer on old technologies (e.g. old IE versions).

  1. What are the best practices for cookies with regard to big companies?
  2. For instance, do we still need to have a P3P policy?
  3. Are there any other such policies that need to be applied?

Solution

  • In general practice, the law requires that all websites require their visitors to consent to the usage of cookies, generally with a non-intrusive pop-up somewhere on the website allowing the visitor the option to accept them.

    For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the visitor's intention.

    It should be noted that using cookies to measure visitors to your website or for advertising purposes is not allowed. The law does allow an exception for some 'strictly necessary' cookies to be stored without requiring prior consent such as technical cookies (user preferences, session trackers).

    Platform for Privacy Preferences (P3P) policies currently are not required under any United States laws, therefore P3P causes some controversy with consumers who are concerned about the release of their personal information and are only able to rely on P3P's protocol to protect their privacy. For a large company, it's probably the better consensus to display the usage of P3P on the website and inform the visitor of its presence.

    In terms of other additional policies, EUROPA websites must also follow the Commission's guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.