Several states have privacy laws limiting or requiring disclosure of how their data is used.

If I understand correctly the FTC only prevents companies from selling your data when they've told you they won't.

Would have to read thru Tittle II of the communications act and see what portions they are under. Title I is POTs and Title II is ISPs and Cellphone providers. Title I tends to be much more strict.

Remember that under the last reign of the current present, information services were removed from Title II regulation. Biden did vote to restore the net neutrality status last year but that was challenged in court and never went into effect. It was ultimately overturned in January and we're left without net neutrality protections.

Electronic communications privacy act, to start.

How does that apply? In this case the companies sending subpoenas are saying "who was using IP address w.x.y.z at 10:15am on June 15?". How would ECPA apply, since IIRC, it covers requirements for law enforcement to collect data from telecoms?