The law is designed to protect the privacy of individuals within the EU. In theory, this means that any website that serves EU citizens, has to comply with respect to those citizens, regardless of who owns the website or if a site is hosted outside the European Union (EU) borders. American sites will still have an obligation to comply with the EU Cookie Directive.
We’re outside of the EU, are we affected?
In practice, as enforcement is on a country by country basis, any company which has no legal EU presence, is going to be very hard to pursue a case against. This is one reason that a lot of commentators have suggested it hands advantages to non-EU businesses. A website owned by a US company can avoid the law and still serve content to the EU, whilst gathering better information about visitors and enabling them to avoid compliance notices.