This is part 2 of a series on the constitution's role in informational privacy. There will be endnotes.
The General Data Protection Regulation is designed to support the individual’s interest in informational privacy, which the EU recognizes as a fundamental right. Under that law, the collection, use and transfer of personal information is prohibited unless done with consent of the individual. It has a de minimis legitimating role for social or business purposes but generally, if the individual revokes consent, processing of information must stop and often the information itself must be deleted.
The US works from a different paradigm. We certainly value privacy as necessary and valuable to ensure both personal dignity and a free and functioning society. But we focus privacy laws on the prevention and remediation of harm, not on consent. United States privacy law grew out of the common-law privacy torts: defamation, intrusion on seclusion, disclosure of private facts, false light and the right of publicity. Thus, for example, the tort of disclo ...