The GDPR would almost certainly be held unconstitutional in the United States. Only an insane jurist could consider it constitutional under the U.S. legal framework established in Reed v. Gilbert and related cases.
There is not a distinction between "Bob cannot collect Alice's phone number" and "Alice cannot share her phone number with Bob". These two statements are equivalent logically. The second, an information sharing restriction, is a clear violation of Alice's rights to speech. While the government could restrict non-consensual data collection, restricting consensual data collection is a direct violation of the right to share information enshrined in the First Amendment. Moreover, the government can usually only enact information sharing restrictions when a "compelling government interest" justifies it. While the government can sometimes enact privacy regulations where a compelling governmental interest exists, such as in medical records, even then, patient consent allows the medical records to be shared. HIPA itself straddles the boundary of constitutionality, it would be ridiculous to think such onerous information sharing restrictions could be upheld against rudimentary information like a person's name, particularly considering the "least restrictive means possible" and "not unduly burdensome" standards that govern First Amendment jurisprudence in the United States.
Likewise, cookie restrictions would clearly be unconstitutional, since the website doesn't store cookies on your computer. Rather, the website transmits cookie information as part of the response, and the web browser has the option of saving the cookie or not, and retransmitting the information or not. In fact, some browsers, like Mozilla Firefox, allowed you to get a pop up for each cookie a website offered, with the choice to accept, deny, accept all cookies from the website, or deny all cookies from the website. Most users did find this inconvenient, and opted to simply allow all cookies to ensure site functionality.
Restricting the sending of cookies is a content-based speech restriction, and restricting the saving of retransmission of cookies is likewise a content based speech restriction. Unless a website owner takes active measure to deny access to custom web browsers, the fact most web browsers will save cookies without asking is irrelevant to this analysis. The user choses to use a given web browser, and if the cookie is stored non-consensually, the blame for this must be on the web browser, which stores the cookies, not the website, which merely transmits it to the web browser. Restricting the transmission of cookies is a core First Amendment violation.
(Score: 1) by khallow on Friday January 06 2023, @05:28AM (3 children)
(Score: 1) by khallow on Friday January 06 2023, @05:31AM
(Score: 0) by Anonymous Coward on Saturday January 07 2023, @05:59PM (1 child)
But which part of what the rpnx says is relevant to the GDPR?
So if consent is given you can process it. So where does it go against the US constitution here?
Based on rpnx's arguments is the HIPAA unconstitutional too?
https://www.cdc.gov/phlp/publications/topic/hipaa.html [cdc.gov]
(Score: 1) by khallow on Saturday January 07 2023, @10:09PM