Stories
Slash Boxes
Comments

SoylentNews is people

The Fine print: The following are owned by whoever posted them. We are not responsible for them in any way.

Journal by rpnx

The GDPR would almost certainly be held unconstitutional in the United States. Only an insane jurist could consider it constitutional under the U.S. legal framework established in Reed v. Gilbert and related cases.

There is not a distinction between "Bob cannot collect Alice's phone number" and "Alice cannot share her phone number with Bob". These two statements are equivalent logically. The second, an information sharing restriction, is a clear violation of Alice's rights to speech. While the government could restrict non-consensual data collection, restricting consensual data collection is a direct violation of the right to share information enshrined in the First Amendment. Moreover, the government can usually only enact information sharing restrictions when a "compelling government interest" justifies it. While the government can sometimes enact privacy regulations where a compelling governmental interest exists, such as in medical records, even then, patient consent allows the medical records to be shared. HIPA itself straddles the boundary of constitutionality, it would be ridiculous to think such onerous information sharing restrictions could be upheld against rudimentary information like a person's name, particularly considering the "least restrictive means possible" and "not unduly burdensome" standards that govern First Amendment jurisprudence in the United States.

Likewise, cookie restrictions would clearly be unconstitutional, since the website doesn't store cookies on your computer. Rather, the website transmits cookie information as part of the response, and the web browser has the option of saving the cookie or not, and retransmitting the information or not. In fact, some browsers, like Mozilla Firefox, allowed you to get a pop up for each cookie a website offered, with the choice to accept, deny, accept all cookies from the website, or deny all cookies from the website. Most users did find this inconvenient, and opted to simply allow all cookies to ensure site functionality.

Restricting the sending of cookies is a content-based speech restriction, and restricting the saving of retransmission of cookies is likewise a content based speech restriction. Unless a website owner takes active measure to deny access to custom web browsers, the fact most web browsers will save cookies without asking is irrelevant to this analysis. The user choses to use a given web browser, and if the cookie is stored non-consensually, the blame for this must be on the web browser, which stores the cookies, not the website, which merely transmits it to the web browser. Restricting the transmission of cookies is a core First Amendment violation.

Display Options Threshold/Breakthrough Reply to Comment Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by khallow on Friday January 06 2023, @05:28AM (3 children)

    by khallow (3766) Subscriber Badge on Friday January 06 2023, @05:28AM (#1285425) Journal
    While that's a reasonable argument, there are other aspects to the law. For example, the business is restricted in what it can do with the information, has an obligation to collect minimal information for the task at hand, has an obligation to inform the user of information it collected and what it plans to do with that, and has to delete said information upon request. None of those would be affected by the US's First Amendment.
  • (Score: 1) by khallow on Friday January 06 2023, @05:31AM

    by khallow (3766) Subscriber Badge on Friday January 06 2023, @05:31AM (#1285426) Journal
    Incidentally, I don't have extensive knowledge of this law. I just had to take some familiarization training for my employer recently so I can parrot those bullet points and that's about it.
  • (Score: 0) by Anonymous Coward on Saturday January 07 2023, @05:59PM (1 child)

    by Anonymous Coward on Saturday January 07 2023, @05:59PM (#1285712)

    But which part of what the rpnx says is relevant to the GDPR?

    Personal data may not be processed unless there is at least one legal basis to do so. Article 6 states the lawful purposes are:[16]

            (a) If the data subject has given consent to the processing of his or her personal data;
            (b) To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract;
            (c) To comply with a data controller's legal obligations;
            (d) To protect the vital interests of a data subject or another individual;
            (e) To perform a task in the public interest or in official authority;
            (f) For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children)[6]

    So if consent is given you can process it. So where does it go against the US constitution here?

    Based on rpnx's arguments is the HIPAA unconstitutional too?

    https://www.cdc.gov/phlp/publications/topic/hipaa.html [cdc.gov]

    • (Score: 1) by khallow on Saturday January 07 2023, @10:09PM

      by khallow (3766) Subscriber Badge on Saturday January 07 2023, @10:09PM (#1285731) Journal
      How about where that data gets sent out of jurisdiction? If this is constitutionally protected speech, they can't keep people from selling their information to say, Chinese intelligence agencies.