There is, of course, a middle ground. In mid-October, Senator Ron Wyden, Democrat of Oregon, introduced a bill to bolster the Federal Trade Commission’s powers to police privacy. Called the Mind Your Own Business Act, it would enable the commission to impose steep fines for privacy violations and hire 175 additional staff. It would also make it a crime for senior executives to knowingly lie to regulators about their companies’ data practices.

The United States was not always a data protection laggard. In 1974, Congress passed a law, the Privacy Act, regulating how federal agencies handled personal information. It was based on a credo, known as fair information practices, that people should have rights over their data. The law enabled Americans to see and correct the records that federal agencies held about them. It also barred agencies from sharing a person’s records without their permission.

Congress never passed a companion law giving Americans similar rights over the records that private companies have on them. Historically, Americans have feared big government more than big business . The European Union, by contrast, established a directive in 1995 governing the fair processing of personal data by both companies and government agencies.

Today, the European Union has an even more comprehensive law, the General Data Protection Regulation, and each member state has a national agency to enforce it. Those agencies in Belgium, France, Germany and other European countries have recently acted to curb data exploitation at Facebook, Google and other tech giants.

It’s not just the European Union. Australia, Canada, Japan and New Zealand have also established stand-alone data agencies. By contrast, American consumers have to rely largely on the F.T.C. to safeguard their personal information, a data protection system that privacy advocates consider as airtight as Swiss cheese.

The commission was established in 1914 to break up abusive monopolies — in oil, steel, sugar and other industries — and ensure fair market competition. In the 1990s, in the early days of the commercial internet, the agency began positioning itself as the country’s de facto privacy regulator. It has since developed expertise in areas like children’s online privacy and mobile app privacy.