Wild claims about the possible fallout of artificial intelligence (AI) dominate headlines, with grave concerns about its impact on everything from the creative industry to education and health care. Debates on AI and data regulation widely assume that the European Union is far ahead of the United States, as if the only reason to be interested in the American political and regulatory scene is morbid curiosity or any sign of hope it might ever catch up.

Perhaps, then, it might come as a surprise that an unsung initiative by the US Federal Trade Commission (FTC) might signal a radical shift in the regulation of “consumer data” markets. A year ago, the agency launched an Advanced Notice of Proposed Rulemaking (ANPRM) on “commercial surveillance.” While it has yet to act on the comments received, it has terrific potential if it does act boldly.

The FTC has hardly been inactive: with Lina Khan at the helm, in May 2023, the FTC gave Edmodo, a Chinese-owned K-12 platform with over a hundred million users worldwide and popularity in the United States, a $6 million fine for unlawfully using children’s data for advertising purposes. Edmodo, the self-styled “Facebook for schools,” has reportedly shut down since, but it is not the only company unethically using children’s data. In June, Microsoft was also fined by the FTC for commercially exploiting children’s data from Xbox. Meanwhile, as we learn from the Center for Digital Democracy’s submission to the ANPRM, health data broker Veeva Crossix provides targetable medical “audience segments” and has forged alliances with pharmaceutical companies to integrate health data with consumer purchasing data.