Data Privacy

Master the essentials of data privacy with our expert-led guide. From key laws and principles to consent tools and compliance tips, explore real-world examples to stay informed, build trust, and run privacy-first marketing campaigns with confidence.

Published by Usercentrics

18 mins to read

Mar 25, 2025

Chapter 4

Over 150 data privacy statistics companies need to know about in 2025

tailor their marketing efforts and create more personalized experiences. This isn’t new.

However, there’s also growing awareness — and demand — for online privacy. People are increasingly concerned about how much companies know, who they share that information with, and what might happen if personal or company data were to fall into the wrong hands.

Understanding the impact of data privacy on businesses and individuals is more important than ever. That’s why we’ve collected the most relevant statistics on data privacy from 2024 and 2025.

What is data privacy?

Data privacy, also called information privacy, refers to the right of individuals to control how their personal information is collected, used, and shared. It encompasses the practices, policies, and technologies that contribute to handling personal data appropriately and in compliance with applicable regulations.

Personal information includes any information that relates to an identified or identifiable individual. This can range from obvious identifiers like names and email addresses to less obvious data points such as device IDs, IP addresses, and browsing behaviors.

What is data privacy? Examples, relevant regulations, and best practices

We’ve compiled everything you need to know about data privacy, from relevant worldwide regulations to common issues and best practices.

Learn more

Data privacy statistics

To highlight the urgency of protecting data privacy, we’ve gathered insights from leading analysts, like McKinsey, Gartner, Forrester, Pew Research Center, and Cisco. This collection of over 150 data privacy statistics showcases the current state of digital privacy and the trends that are shaping the future.

The state of data privacy worldwide

Data privacy has never been more important — or more regulated. Governments worldwide are stepping up their efforts to safeguard personal information. But how effective are these measures, and how do they impact both businesses and individuals?

The number of global privacy laws has expanded in the last five years.

By the end of 2024, data protection laws covered 6.3 billion people — or 79% of the global population.
As of the beginning of 2025, there are 144 countries with data and consumer privacy laws.

42% (21) of US states passed data privacy laws as of the beginning of 2025.
As of January 2025, the European Union has three fully operating and one upcoming law regarding online privacy and the use of digital technologies.

However, regulators aren’t just passing laws, they’re enforcing them.

California’s Consumer Protection Act (CCPA) protects over USD 12 billion worth of personal information each year.
For example, in 2024, the EU imposed EUR 2.1 billion in fines due to violations of the General Data Protection Regulation (GDPR).
We’re seeing strict enforcement worldwide: Europe, the Middle East, and Africa (EMEA) issued 54% of the largest privacy fines, with North America following at 43%.

Public support for more online privacy protection is strong.

62% of UK citizens feel safer sharing their data since the implementation of the GDPR (and UK GDPR post-Brexit).
72% of Americans believe there should be more government regulation over how companies handle personal data.
In fact, more than 50% of US voters support a national data privacy law and back the measures outlined in the now-scrapped American Data Privacy and Protection Act legislation:
- 87% support banning the sale of personal data without consent
- 86% back requiring companies to minimize data collection
- 86% want stronger online privacy protections for children under 17
- 82% believe individuals should have the right to sue after data breaches

However, despite growing concern about data privacy, public awareness remains low.

63% of Americans admit that they know very little, or nothing, about which laws and regulations are currently in place to safeguard their privacy.

But privacy laws aren’t just about restrictions. They also come with business benefits.

79% of all corporate respondents to Cisco said that the impacts of privacy laws have positively affected the organization.

These statistics show that privacy is more than just a legal or ethical issue. It’s a growing global movement with real implications for consumer trust and business operations.

Data privacy trends statistics

Changes in data privacy are continuing through 2025. Governments and businesses are ramping up efforts to boost online data protection and security. At the same time, consumers are demanding greater transparency and control over their data.

The following statistics reflect the trends that are shaping business and security priorities.

To begin, public concern is high, but awareness is low.

92% of Americans are concerned about their privacy when using the Internet.
Only 3% of Americans say they understand how current online privacy laws actually work.

Governments worldwide are continuing to strengthen online data privacy laws. Data privacy legislation and regulation continue to be drafted, passed, and enacted in 2025 and beyond. Some to watch:

Australia: Online Safety Amendment (Social Media Minimum Age)
United Kingdom: Data (Use and Access) Bill
United States: Eight state-level privacy laws in 2025 and three in 2026

Existing privacy laws in several other countries will be going fully into effect or getting updates in 2025 as well, including India, Japan, and Sri Lanka.

At the same time, companies are also ramping up privacy investments.

It is projected that global end-user spending on security and risk management will reach USD 212 billion in 2025, a 15% increase from 2024.
More than 60% of large businesses are expected to be using at least one Privacy-Enhancing Technology (PET) solution by the end of 2025.

These data privacy stats highlight just how quickly the prioritization of data privacy is growing worldwide.

Curious to know more about data privacy trends in 2025?

We’ve done the research and compiled the data privacy trends your company needs to know about to shape privacy strategy and action in 2025.

Learn more

Data privacy and consumer sentiment statistics

Consumers are more aware than ever that their data is being collected and used, but that awareness doesn’t yet translate to a clear understanding of how it’s collected, for what purposes, or what exactly is being processed.

And while data privacy is a growing concern, many people feel both powerless to control their information and skeptical about companies’ handling of it.

For starters, awareness of data privacy laws varies globally. While there’s recognition of data privacy laws, understanding of how they work varies significantly.

On average, 53% of all global internet users are aware of local data privacy laws, however, this average varies per country.

Generally speaking, people feel overwhelmed by where and how much data is being collected and how it’s being used.

68% of consumers are concerned about the volume of data being collected by businesses.
80% of the general population expressed unease and wished they knew more about how their personal data is being used online.
Only 29% of consumers said that they find it easy to understand how well a company protects their personal data.
63% of global consumers believe most companies aren’t transparent about how their data is used.
86% of Americans say that data privacy is a growing concern for them.
Just 21% of consumers feel confident that their data is being used for the proper purposes.

But data collection feels unavoidable. In fact, 62% of Americans don’t believe it’s possible to go through daily life without companies collecting data about them.

Alongside this growing concern comes a significant decline in trust of companies handling consumer data.

As of May 2024, more than half of US adults stated that they avoid companies that have had data breaches, while only 9% still trusted them.
54% of consumers say most companies don’t use data in a way that benefits them.
Two-thirds of global consumers feel that tech companies have too much control over their data.
More specifically, in the UK, Spain, and the United States, 75% of adults feel tech companies have too much control over their data.
Only 15% of US consumers think companies will use their personal data to improve their lives.
Only 5% of US consumers have no major concerns over how organizations use their data.

Although privacy policies or comparable notices are required under all major privacy laws, many people find them ineffective or simply ignore them.

Only one in five American users always or often reads a company’s privacy policy before agreeing to it.

61% of US users agree that privacy policies are ineffective at explaining how companies use their data.
69% of US users say they view these policies as just something to get past.
56% of Americans say they always, almost always, or often click “agree” without reading privacy policies.

But there is good news. Despite widespread concerns, most consumers are willing to trust companies that demonstrate strong privacy practices.

81% of users believe the way a company treats their personal data is indicative of the way it views them as a customer.
58% of users say they’re comfortable with relevant personal information being used in a transparent and beneficial manner.
84% of users are more loyal to companies with strong security controls.
39% of consumers worldwide believe that providing clear information on data usage would help build trust.

As privacy concerns continue to grow, companies that prioritize transparency, security, and ethical data use are more likely to earn consumer trust and loyalty.

Data privacy and consumer behavior

Consumers’ online behavior is increasingly influenced by concern over their online privacy. And as more people experience the risks associated with sharing personal information online, they’re becoming more proactive in protecting their data.

A significant portion of consumers is deeply concerned about their digital privacy, especially when shopping online.

66% of American consumers are anxious about their digital privacy when shopping online.
81% of respondents believe online fraud is widespread.
48% of consumers have stopped buying from a company or using a service due to privacy concerns.

This growing concern has prompted many users to take action to safeguard their privacy.

85% of adults globally want to do more to protect their online privacy.
According to Norton’s 2022 Cyber Safety Insights, over two-thirds of adults are being proactive about data privacy:

29% changed default privacy settings on their devices
26% enabled multifactor authentication on select accounts/devices
26% disabled third-party cookies in their web browsers
16% used a VPN

In addition, there are a few essential tools that remain most popular for privacy protection.

Antivirus, ad blockers, and password managers are the top 3 tools people use to protect their privacy online.
Less than one in five use other tools like:

encrypted email (17%)
encrypted messenger apps (15%)
paid VPN services (14%)

However, consumers are not only concerned about their data, they’re becoming more assertive in exercising their rights.

28% of consumers have exercised their data subject rights, with younger consumers most active in doing so.
56% of consumers verify website security before making online payments.

Transparency about privacy practices is a major factor influencing consumer behavior.

83% of consumers indicated they would be more inclined to shop on websites that openly discuss their privacy practices.
80% of consumers say they are comfortable sharing personal information directly with a brand if it leads to personalized marketing messages.
60% of buyers are willing to share more data to receive personalized benefits.
58% of users said they would be willing to share data to avoid paying for online content.
60% of users say they would spend more money with a brand they trust to handle their personal data responsibly.
77% of consumers are willing to share their email addresses for personalized experiences and additional incentives.
40% of the US general population say they would willingly share personal data if they knew exactly how it would be used and by whom (KPMG).

As consumer concern and awareness continue to rise, brands that respect privacy and offer clear benefits in exchange for data will be better positioned to build long-term trust and loyalty.

Social media platforms have long caused major concerns when it comes to data privacy. Many users express distrust toward how their personal information is handled. As privacy concerns intensify, users are becoming more aware of the risks tied to social media data collection, and some are even changing their behaviors in response.

Concerns about social media companies’ handling of personal data are widespread, especially when it comes to vulnerable groups like children.

A majority of the population (89%) expressed substantial concern about how social media platforms gather personal information on children.
81% of users feel they have little or no control over the data that social media collects.
76% of Americans do not trust social media companies and fear they will sell personal data without consent.

This unease is reflected in how people feel about the platforms’ ability to protect their data.

In one survey, 31% of respondents were “not at all confident” in social media companies’ ability to protect their data.
Only 18% of US social media users feel that Facebook protects their data and privacy.

In fact, the majority of social media users are increasingly concerned not only about how their data is being used but about how it is being collected:

35% of US adults were very concerned about how social media platforms collect their personal data.
44% were somewhat concerned.
Only 17% were not very concerned.
And 4% were not at all concerned.

As a result of these privacy concerns, many users are altering their social media habits:

38% of respondents use social media less often than they used to because of data privacy concerns.
36% of respondents said they had removed a social media account due to data privacy concerns.

With the growing lack of trust in social media companies, consumers are making it clear that their behaviors will change unless these companies prioritize better data privacy practices.

As data privacy becomes increasingly important to both consumers and regulators, businesses are taking steps to comply with evolving privacy regulations. Many companies are investing heavily to meet growing demands for privacy and transparency.

70% of US companies said they increased the collection of consumer data over the past year. At the same time, companies are prioritizing data privacy compliance.

42% of companies in the US have hired legal counsel for data privacy compliance.
47% of companies have updated their privacy policies to comply with the GDPR and other privacy laws.
82% of companies consider privacy certifications such as ISO 27701 as a purchasing criterion when selecting a product or vendor in their supply chain.
32% of US companies now have a Data Protection Officer.
80% have updated their privacy policies multiple times in the last year.
Companies process 56% more deletion requests than access requests.

In addition, compliance and security-related costs are on the rise.

The costs of complying with the CCPA are estimated to fall between USD 467 million and USD 1.64 billion between 2020 and 2030 (Office of the California Attorney General).
27% of large organizations have spent more than half a million dollars to become GDPR-compliant.

However, meeting compliance deadlines and adapting to evolving regulations remains a challenge.

Only 25% of companies surveyed said that they can meet the GDPR requirement to report a data breach to regulators no later than 72 hours after management becomes aware of it.

Only 37% of organizations have an information governance framework that can adapt to changing data privacy regulations.
Only two out of 10 privacy professionals surveyed reported they were totally confident in their organization’s privacy law compliance (International Association of Privacy Professionals).
17% of privacy professionals said their organizations did not practice privacy by design when building new applications and services.
The average number of days between when a breach was discovered and when it was reported was 50.
The average company has 534,465 files containing sensitive data.

Despite these hurdles, businesses are taking data privacy seriously.

98% of organizations report privacy metrics to their board of directors.

But the good news is that for many businesses, investing in privacy pays off.

95% of organizations agree that investing in data privacy pays off, with the average company seeing a return of 1.6 times. But 30% of them estimate their return is even higher, around 2 times.

Data privacy and artificial intelligence

As artificial intelligence (AI) technology advances, privacy concerns around generative AI (GenAI) will be unavoidable in 2025.

Many consumers are both concerned and skeptical about how their data is being used with the rise of AI.

78% of consumers believe organizations have a responsibility to only use AI in an ethical manner.
70% of consumers have little to no trust in companies to make responsible decisions about how they use AI in their products.
92% of users see GenAI as a fundamentally different business process that requires new techniques to manage data and risks.

In fact, one of the top concerns about generative AI is the potential privacy and data security risks it brings.

45% of non-GenAI users worried their search history could be exposed.

The second largest concern amongst US adults about generative AI is the accuracy of information it provides:

37% of US adults who are aware of GenAI worry about factually incorrect answers to questions.

As AI continues to gain momentum, privacy concerns are only increasing, especially regarding its use for collecting and processing personal data.

57% of global consumers view the use of AI in collecting and processing personal data as a significant threat to their privacy.
81% of those familiar with AI believe its use will lead to personal information being used in ways they won’t be comfortable with.
80% of those familiar with AI believe personal data will be used in ways it wasn’t originally intended.

Some organizations are already grappling with these challenges.

40% of organizations have experienced an AI privacy breach.

Despite these concerns, employees can be careless with their company’s information in their use of GenAI apps.

48% of organizations are entering non-public company information into GenAI apps.

5% of employees regularly post company data into ChatGPT, and over a quarter of that data is considered sensitive information.
4% of employees paste sensitive data into GenAI tools on a weekly basis.
The top categories of confidential information being input into the GenAI tools include:
- Internal business data: 43%
- Source code: 31%
- Personally identifiable information (PII): 12%

Recognizing these risks, many organizations are taking steps to limit the exposure of sensitive information.

63% of organizations have limited the types of data that can be entered into GenAI tools.
61% have limits on which GenAI tools can be used.
27% have banned GenAI tools altogether.

While there are legitimate concerns about AI, there is also a strong belief that AI can ultimately benefit consumers, especially if companies use it responsibly.

62% of Americans who’ve heard of AI believe that as companies use AI to collect and analyze personal information, it will be used to make life easier.
54% of users are willing to share their anonymized personal data to improve AI products and services.
73% of consumers believe AI can have a positive impact on their customer experience.

Organizations know that to build trust, they need to reassure consumers about how their data is being handled.

91% of organizations say they need to do more to reassure customers about how their data is used with generative AI.

Interestingly, companies that have deployed AI and automation in their security operations are seeing significant cost savings, illustrating how AI can also play a role in improving security.

Companies that deployed AI and automation to their security operations saved an average of USD 2.22 million per breach compared to those that didn’t use these technologies.

As generative AI continues to grow, concerns around data privacy and security will only increase. For businesses, this means taking proactive steps to provide transparency and protect user data.

Data privacy breaches

Unfortunately, data breaches continue to escalate in frequency and impact. This poses a significant risk for companies and consumers alike.

Personal customer information (such as names, email addresses, and passwords) is included in 44% of data breaches.
The cost of cybercrime is anticipated to reach USD 10.5 trillion annually by the end of 2025.
The estimated cost of cybercrime worldwide is expected to rise by USD 6.4 trillion (69.41%) between 2024 and 2029.

These figures demonstrate how the financial burden of data breaches continues to climb.

In 2024, data breaches continued to be an expensive challenge for organizations globally. The average cost of a breach increased by 12% from the previous year, reaching USD 4.62 million.
Phishing attacks became a common threat in 2024, accounting for nearly 30% of all breaches globally.
Phishing and business email compromise attacks are among the most frequent and costly, averaging USD 4.88 million per breach.

Certain industries remain particularly vulnerable to cyberattacks, with manufacturing and healthcare leading the way in breach frequency and financial loss.

In 2023, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. Over the course of the year:
- Manufacturing companies experienced nearly a quarter of the total cyberattacks.
- Finance and insurance organizations followed, with around 18%.
- Professional, business, and consumer services ranked third, with 15.4% of reported cyberattacks.

The healthcare sector remains particularly vulnerable. Last year, ransomware breaches in healthcare cost an average of USD 10.93 million per incident.

However, not all news is negative. More organizations are stepping up their response to data breaches by notifying customers and taking proactive measures to limit the damage.

A 2024 survey of US small business leaders and IT professionals found that over 90% notify customers after a data breach, while only 5% do not.

The positive aspects of investing in data privacy

Investing in data privacy has proven to be more than just a regulatory requirement. It’s a smart business decision with substantial financial benefits.

As consumers become more conscious of how their data is handled, businesses that prioritize privacy are seeing tangible returns.

From 2019 to 2024, overall spending on data privacy more than doubled.
Over 70% of business professionals report receiving “significant” or “very significant” benefits from their data privacy efforts.

The return on investment for data privacy efforts is also impressive.

Most companies see a very positive return on their privacy investment, and over 40% see benefits at least double their privacy spend.
For every dollar spent on privacy, the average company receives USD 2.70 in associated benefits.

Investing in privacy also creates stronger relationships with customers and improves overall efficiency.

80% of organizations report increased customer loyalty and trust as a result of their investments in data privacy.
In fact, 84% of consumers are more loyal to companies that have strong security controls.
78% report increased operational efficiency, agility, and innovation.

These statistics demonstrate the benefits of investing in data privacy. It not only helps companies stay legally compliant but also drives real, measurable benefits.

Data privacy software and technologies statistics

The rise in data privacy concerns has fueled significant growth in data privacy software and technologies. With increasing regulatory pressures and rising consumer awareness, organizations are turning to innovative solutions to stay ahead.

Here’s a snapshot of future trends in the data privacy technology market:

The global data privacy software market is projected to grow from USD 5.37 billion in 2025 to USD 45.13 billion by 2032 — a 35.5% compound annual growth rate (CAGR).
The US data privacy software market is expected to reach USD 17.19 billion by 2032.

As the market expands, smaller businesses are also jumping on board, contributing to the rapid adoption of privacy technologies across various sectors.

Small and medium-sized businesses (SMBs) are increasingly adopting consent management platforms, with this segment projected to grow at a CAGR of 10.6%.

Larger organizations are also stepping up their investments, integrating advanced privacy-enhancing techniques into their operations.

By the end of 2025, 60% of large organizations will use at least one privacy-enhancing computation (PEC) technique in analytics, business intelligence, and/or cloud computing to protect data in use.

Despite the sometimes hefty investment, most businesses know that it’s worth it.

95% of organizations say the benefits of investing in data privacy exceed costs.

Three key takeaways for privacy-conscious companies

Data privacy is more challenging than ever. Stricter regulations, rising consumer skepticism, and rapid tech changes mean businesses must keep adapting. To stay ahead, companies need to be transparent, treat privacy as a competitive advantage, and prepare for more regulations and the rise in AI.

Here are three key takeaways companies should keep in mind.

1. Transparency builds trust

It’s not enough to protect data, you need to show customers you’re doing it. Be clear about what data you collect, why, and how you use it. Write privacy policies people can actually understand, offer easy opt-out options, and treat customer data as a privilege, not a right.

2. Privacy is a competitive advantage.

It isn’t just about regulatory compliance, it’s a way to stand out. Strong privacy practices reduce risk and build customer trust, which benefits the bottom line. Create privacy-first products and systems, give users control over their data, and make privacy part of your brand. Customers are simply more loyal to companies they trust.

3. Companies need to stay ahead of new technologies

As AI and other technologies evolve, privacy must be a priority. Set ethical guidelines, do due diligence on new tools, keep AI practices transparent, and train your team to spot privacy risks and take precautions with day-to-day operations. Staying ahead of regulations is better than scrambling to catch up.

Do you know the best practices to be data privacy compliant?

As you’ve seen, you need to take data privacy seriously. But do you know how? We’ve compiled a list of best practices to help you with that.

Learn the best practices

Frequently asked questions

What is data privacy?

Data privacy is about keeping your personal information safe from people who shouldn’t see it. It means controlling who can access, use, or share your data.

How do you assess data privacy?

Assessing data privacy involves evaluating how personal data is collected, stored, processed, and shared to identify risks and comply with privacy laws like the GDPR. This process typically includes mapping data flows, analyzing privacy risks, reviewing security measures, and engaging stakeholders to strengthen protections and accountability.

What are the statistics for data privacy?

In 2025, consumer awareness of data privacy is higher than ever. 92% of Americans worry about their online privacy, and 76% say companies should do more to protect their data. Data breaches are also a major issue, with personal information like names and passwords exposed in 44% of cases, costing businesses millions each year.

What are the top 3 major data privacy risks?

The most significant data privacy risks are: large data volumes that are hard to protect, unclear data ownership creating security gaps, and evolving cyber threats targeting sensitive information. Data breaches also remain a major concern, as they can lead to financial losses, reputational damage, and legal issues.