Older people are not as productive or innovative as younger people.
Therefore, there will be fewer things produced and less to go around for "the remaining people."
I disagree with the immediate labeling of a potential consumer protection law as "rent seeking." Such an attitude totally excludes any improvement in the consumer privacy situation, unless it's an act of benevolence from adtech; which is to say that it totally excludes any privacy improvement ever.
These recently-discovered European "rights" are probably non-starters, but the ability to get a Google-takeout style package of your own data, and some reasonably protections regarding consent and the way your data is used would clearly Constitutional. We already force some industries to follow most of these precepts in other laws that haven't been challenged: credit agencies have to explain your credit score to you, HIPAA manages how medical data is used. The core of GDPR is really just expanding those laws to all companies.
The only sticky one is really the "right to be forgotten," which just isn't a right, and possibly has constitutional (1st amendment) problems.
IMO though, a "conservative GDPR" could get Republican backing by basically framing it as a question about property rights, which their base is all about: your data is valuable, and it's YOUR property, not Google's. Some of the other provisions could be sold as a "sunshine law" for big business.
Also resumably, given US politics, there would be plenty of exemptions for small businesses (and industries that have strong lobbying firms).
(note that I'm not a lawyer, so this may be bullshit)
If you actually read up on the "right to be forgotten" you will see that "free speech" is always an exception to it. You cannot demand to be forgotten in order to censure others.
The American interpretation of “free speech” is much more broad than in the EU. Here, laws banning hate speech or flag burning or corporate campaign donations are unconstitutional for example. Libel lawsuits are much harder to pull off here as well.
A law requiring businesses and individuals to delete any personal data at the request of the data subject, as the GDPR requires, would have to be extremely narrowly written to survive constitutional muster here, I think.
If I do business with you and write down your name, the GDPR requires that I delete your name if you ask me to (and even if you don’t if our relationship ends). That wouldn’t survive a First Amendment challenge here.
> If I do business with you and write down your name, the GDPR requires that I delete your name if you ask me to (and even if you don’t if our relationship ends).
> The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
> the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
> the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
> the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
> the personal data have been unlawfully processed;
> the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
> the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
GDPR doesn't require that you do that. GDPR has other exceptions that you could plead very easily: undue hardship, archival, public interest, compliance with other laws, scientific research, and establishing legal claims. What would you need my name for if not one of those?
Maybe I want to remember your name because, let's say, I want to pray for all my customers every Sunday. Or perhaps I want to try and memorize all my customer's names so I can use your name when I see you come in my shop. Or perhaps to track patterns of purchases by my customers. Or perhaps because I think it's important to have a track record of everyone I've sold to, and when, for purposes to be discovered later down the line that I can't think of right now.
In America, I don't need a reason for writing your name down. In the EU on the other hand, all personal data needs to be deleted, unless a specific government-approved exemption applies, as you said.
Quoting the US Supreme Court, in Chicago v. Mosley, 1972:
> Above all else, the First Amendment means that government has no power to restrict expression because of its message, its ideas, its subject matter, or its content. To permit the continued building of our politics and culture, and to assure self-fulfillment for each individual, our people are guaranteed the right to express any thought, free from government censorship [1]
I'm pretty sure that if the GDPR was copied and pasted into a US law, the Right to be Forgotten would be struck down as unconstitutional very quickly.
The general claim people make suggesting things like Right To Be Forgotten or Right To Privacy is that it violates "free speech", and particularly, that via Citizens United, the US currently claims corporations have the right of free speech. Google believes, for instance, all limitations on how it provides search results as an infringement on Google's right to "say" whatever they want.
Of course, we already have a variety of limitations on free speech, plenty of laws that restrict what companies and and cannot disclose about other entities, and GDPR would be no different.
> [a] Right To Privacy is that it violates "free speech"
Copyright is settled law that definitely limits the kinds of speech people can engage in.
Couldn't you construct a right to privacy by first saying an individual has an automatic ownership right to certain kinds of personal data [1], and that data can't be used without an appropriately constructed license [2]?
[1] You might be able make this strong and compatible with the First Amendment, by treating machine-collected and person-collected data differently. A machine has no First Amendment right to speak about what it knows, while a person does.
[2] The "appropriately constructed license" requirements could include GDPR-like definitions of consent.
I, personally, do not believe there is any disagreement between the Constitution and GDPR. In fact, a right to privacy has long been inferred by combining traits of a few amendments: https://en.wikipedia.org/wiki/Right_to_privacy#United_States (Of course, that constructed right is a right to privacy specifically from government actions.) And generally, we've recognized that some rights such as speech, may need to have limits to avoid encroaching upon other rights, such as privacy.
The way that works (and in fact the way that classification of government secrets works in the US) is that this information is 'born secret'.
This information is has to be kept away from the public, including journalists, but there is no law preventing journalists from publishing information about someone's health. HIPAA doesn't cover journalists, it just prevents covered entities from giving journalists information.
I don't think things like GDPR and "free press" are in conflict like you think they are.... at least you haven't explained how they are supposedly in conflict.
HIPAA exists... and it doesn't prevent the press from using that information.
I'm not sure your really have a good grasp on what any of these laws actually do, let alone 'free speech'. You keep alluding to complications that don't exist and don't explain what you're talking about.
For "press freedom" defined as the writing and publishing of articles, it's unaffected.
For "press freedom" defined as literally any action a member of the press takes, sure it's affected, but that's a very flawed definition. It's not like drunk driving laws are an infringement on "press freedom", even though they occasionally affect members of the press.
First, the company decides whether the request needs to be complied with or not, and if the user doesn't like that decision, they can complain to the regulators who may choose whether the refusal is worth looking into.
Then I'm going to store all the information I want, for the purpose of expressing it to others. Oh wait, I can't do that? Somehow the EU has a different definition of "freedom of expression" in mind than what the words actually mean.