Data Privacy Statistics 2026: What Consumers Want

Data privacy has moved from a niche worry to a mainstream demand. Pew Research found 79% of Americans are concerned about how companies use their data, and 73% feel they have little or no control over it. Cisco reports that more than 75% of consumers will not buy from a company they do not trust with their data, and 49% of people aged 25 to 34 have already switched providers over data practices. Regulators are responding with force: cumulative GDPR fines have passed EUR 6.11 billion since 2018, and the average data breach now costs USD 4.88 million, per IBM. The statistics below show a clear gap between what people expect and what most apps and companies actually do.

These numbers matter more in 2026 because almost every task now flows through a phone. People scan IDs, sign contracts, store receipts, and photograph documents inside apps they barely vetted. Most of those apps collect more than users realize, and many sell or share that data with third parties.

This post covers 16 verified statistics on data privacy, spanning consumer concern, willingness to switch, app data collection, regulation, fines, and trust. It is written for anyone who handles sensitive paperwork on a phone. Here are the 16 numbers worth knowing.

1. 79% of Americans are concerned about how companies use their data

79% of US adults say they are at least somewhat concerned about how companies use the data collected about them, according to Pew Research Center. This is not a fringe anxiety. Roughly four in five people across age groups, incomes, and political lines share the worry. The same study found concern about government data use rising too, from 64% in 2019 to 71% in 2023. The consistency matters because it tells app makers that privacy is a baseline expectation, not a feature for a small segment. People may still tap "agree" out of habit, but the underlying unease is widespread and growing. For any product that touches personal documents, this number sets the bar: trust is now the price of entry, and most users assume the worst until shown otherwise.

Source: Pew Research Center - How Americans View Data Privacy

2. 73% of Americans feel they have little or no control over their data

73% of Americans say they believe they have little or no control over what companies do with their personal data, Pew Research Center reports. This sense of powerlessness is the heart of the modern privacy paradox. People care deeply, yet feel the outcome is out of their hands once they hit install. The figure has barely improved across years of new privacy tools and settings menus, which suggests the controls on offer are not reaching ordinary users. When people feel they cannot win, many stop trying and accept surveillance as the cost of using a phone. That resignation is exactly what privacy-respecting products can break. An app that simply never collects the data in the first place gives control back by default, without asking the user to manage a dashboard they will never open.

Source: Pew Research Center - Key findings about Americans and data privacy

3. 67% of Americans understand little or nothing about what companies do with their data

67% of Americans say they understand little or nothing about what companies actually do with their personal data, up from 59% in a prior Pew Research Center survey. Understanding is going down, not up, even as data practices grow more complex. This gap is dangerous because consent without comprehension is consent in name only. People agree to terms they cannot parse, then are surprised when their information surfaces in ad targeting or a breach notice. The trend also explains why transparency claims often fall flat: a longer privacy policy does not help if users cannot follow it. The honest alternative is to reduce what needs explaining. When an app keeps processing on the device and never uploads files, there is far less to disclose, and far less that can go wrong behind the scenes.

Source: Pew Research Center - How Americans View Data Privacy

4. More than 75% of consumers will not buy from a company they do not trust with their data

More than 75% of consumers say they will not purchase from an organization they do not trust to handle their data, according to the Cisco 2024 Consumer Privacy Survey. Privacy has become a purchase requirement, not a nice-to-have. Cisco frames this as the rise of the "Privacy Active" consumer, someone who acts on data concerns rather than just voicing them. The implication for businesses is direct: poor data practices now cost sales, not just goodwill. Cisco also found that informed consumers feel far more confident protecting their data, 81% versus 44% for the uninformed. That confidence gap shapes buying behavior. For document and scanner apps in particular, where the files involved are often sensitive, trust is the deciding factor between a download and a hard pass.

Source: Cisco - 2024 Consumer Privacy Survey

5. 49% of consumers aged 25 to 34 have switched companies over data practices

49% of consumers aged 25 to 34 have already switched companies or providers over their data policies or data-sharing practices, Cisco reports, compared with just 18% of those aged 75 and over. Younger users do not merely complain about privacy; they leave. This generational divide is a leading indicator, because the 25-to-34 group sets the norms that older cohorts follow over time. Cisco also found this same group is the most aware of its privacy rights, at 64% versus 33% for those 65 and up. Awareness drives action, and action drives churn. For app makers, the lesson is blunt: the most valuable, longest-lifetime users are the ones most likely to abandon a product that mishandles data. Privacy is not a cost center here, it is retention. Losing trust with this cohort is expensive and hard to reverse.

Source: Cisco - 2024 Consumer Privacy Survey Report

6. 68% of consumers do not trust companies to ethically sell their data

68% of consumers do not trust companies to sell their personal data ethically, and 54% do not trust companies to use their data ethically, according to KPMG's Corporate Data Responsibility survey. The same research found 97% of American consumers say data privacy is important to them, and 87% describe it as a human right. These figures expose a deep trust deficit. People now treat their data as something owned, not surrendered. The "human right" framing in particular signals that consumers expect protection by default, the way they expect a building to be safe. KPMG also found 83% would not willingly share their data to help businesses build better products. That refusal limits the data companies can ethically gather, and rewards products that work well without harvesting personal information at all.

Source: KPMG - Corporate Data Responsibility: Bridging the consumer trust gap

7. 70% of business leaders increased their collection of consumer data in the past year

70% of business leaders say their companies increased the collection of consumer personal data over the prior year, KPMG found, even as consumer trust falls. This is the core tension of the data economy: companies want more data exactly as users want to give less. The same survey exposed a transparency gap. 76% of consumers want more clarity about how their data is used, yet only 53% of business leaders say their company shows how that data will be used. More strikingly, 29% of business leaders admitted their company sometimes uses unethical data collection methods, and 33% said consumers should be concerned about how their data is handled. When a third of insiders tell you to worry, the worry is justified. The safest position for a user is an app that simply collects nothing to begin with.

Source: KPMG - Corporate Data Responsibility survey

8. About 50% of free iOS apps admit to collecting user data

Around 50% of free-to-download iOS apps reported that they collect private data from users, while only about 13.5% of paid iOS apps admitted the same, according to Statista data from September 2024. The split is revealing. When an app is free, your data often is the product. Apple's own App Privacy labels surface some of this, but researchers have found the labels frequently understate reality. One study cited that 97% of apps carrying a "Data Not Collected" label had a privacy policy indicating otherwise. So even the disclosures meant to protect users can mislead them. For document scanners, the stakes are higher than for a game or a flashlight, because the data in question is contracts, IDs, and financial records. A free scanner that monetizes data is a poor trade when the files are this sensitive.

Source: Statista - iOS apps admitting to collect data from global users 2024

9. The average Android app contains 5.4 third-party trackers

The average Android app contains about 5.4 tracking libraries that share data with advertising and analytics networks, based on Oxford University and Exodus Privacy research. Roughly 79% of free Android apps carry at least one third-party tracker. These trackers run quietly in the background, sending usage data, identifiers, and sometimes more to companies the user has never heard of. The scale is hard to overstate: Exodus Privacy maintains a public database of more than 279,000 analyzed Android apps. Individual apps can be far worse than the average; analysts have documented popular titles bundling dozens of trackers and requesting more than a dozen permissions. Every tracker is a potential leak and a potential profile builder. An app with zero trackers and no account is the cleanest possible counterexample, and it is increasingly what privacy-aware users look for before installing.

Source: Android Authority - Your favorite Android apps might hide dozens of trackers

10. 56% of Americans click "agree" without reading privacy policies

56% of Americans say they always, almost always, or often click "agree" without reading a privacy policy, Pew Research Center found. The reason is not laziness alone. 61% think privacy policies are ineffective at explaining how companies actually use data, and 69% view them as just something to get past. The documents meant to inform consent have become an obstacle people route around. This breaks the entire premise of notice-and-consent privacy, since agreement based on an unread, unreadable policy is hollow. The finding also shifts responsibility onto the product. If users will not read the fine print, then the only honest protection is to design the app so the fine print does not hide anything alarming. Collecting nothing means there is nothing buried in paragraph 14 that the user needed to catch.

Source: Pew Research Center - Key findings about Americans and data privacy

11. No industry earns more than 44% consumer trust for data protection

No industry reached a 50% trust rating for protecting consumer data, McKinsey found, with healthcare and financial services tied at the top with just 44%. Consumer-packaged-goods and media companies scored around 10%. Even the most trusted sectors fail a majority of their customers on data protection. McKinsey also found that about half of consumers are more likely to trust a company that asks only for information relevant to its product, and that many will stop buying from a company that violates digital trust. The pattern is consistent: minimal collection earns trust, and breaches destroy it. For app developers, the takeaway is that "everyone collects data, so users expect it" is a myth. Users tolerate it, but they reward the rare product that asks for less. Data minimization is now a competitive advantage, not just a compliance checkbox.

Source: McKinsey - The consumer-data opportunity and the privacy imperative

12. Data protection laws are now in effect in 144 countries

Data protection and privacy laws were in effect in 144 countries as of late 2024, according to the IAPP and related global directories. By broader counts, roughly 6.6 billion people, about 80% of the world's population, are now covered by some form of data privacy legislation. Privacy regulation has gone from a regional experiment to a global default in under a decade, driven largely by the "Brussels effect" of countries modeling laws on the EU's GDPR. The second half of 2024 alone added new laws in countries including Ethiopia, Malawi, and Moldova. For businesses, this means privacy compliance is no longer optional or location-specific; it follows users everywhere. For consumers, it signals that legal expectations have shifted permanently. Apps built to respect privacy from the ground up are simply aligned with where the entire world is heading.

Source: IAPP - Data protection and privacy laws now in effect in 144 countries

Total GDPR fines reached approximately EUR 6.11 billion across about 2,685 penalties as of early 2026, according to the CMS GDPR Enforcement Tracker. In 2024 alone, regulators issued roughly EUR 1.2 billion in fines. Enforcement is real money, not symbolic warnings. The fines have also spread beyond big tech into financial services, energy, and other sectors, showing that no industry is exempt. Ireland leads all enforcers with around EUR 3.5 billion issued since 2018, reflecting its role as EU home base for many large platforms. For any company handling EU residents' data, these numbers reframe privacy as a balance-sheet risk. Mishandled personal data can become a multimillion-euro liability overnight. The cheapest way to avoid that exposure is to limit what data an app holds in the first place, since data you never collect cannot trigger a fine.

Source: CMS - GDPR Enforcement Tracker Report: Numbers and Figures

The single largest GDPR fine to date was EUR 1.2 billion, imposed on Meta Platforms Ireland by the Irish Data Protection Commission in 2023 over unlawful transfers of personal data. This was the first GDPR penalty to cross into the billions, and it reset expectations for what data mishandling can cost. The case centered on how personal data was moved and stored, not a dramatic external hack, which underscores that routine data flows can carry enormous legal risk. A penalty of this size sends a message far beyond one company: regulators are willing to act against the largest players in the world. For smaller developers, the lesson is about architecture, not scale. Products that keep data on the user's own device sidestep the transfer and storage questions that produced this fine entirely. The safest data flow is the one that never leaves the phone.

Source: Termly - Biggest GDPR Fines and Penalties

15. The average data breach now costs USD 4.88 million

The global average cost of a data breach reached a record USD 4.88 million in 2024, a 10% jump from the prior year and the largest spike since the pandemic, according to IBM's Cost of a Data Breach Report. Healthcare breaches were the most expensive for the 14th year running, averaging USD 9.77 million. The report found that 70% of breached organizations suffered significant or moderate operational disruption. Lost business, customer support such as credit monitoring, and regulatory fines were among the biggest cost drivers. Every record a company stores is a record that can be stolen and must be paid for if it leaks. These same risks help explain why mishandled personal documents are so dangerous; stolen IDs and financial records fuel downstream fraud. To understand that fallout in depth, see our roundup of identity theft statistics, which traces what happens after sensitive data escapes.

Source: IBM - Cost of a Data Breach Report 2024

16. California has issued CCPA settlements from USD 375,000 to USD 1.2 million

California has secured CCPA settlements ranging from a USD 375,000 penalty against DoorDash in 2024 to a USD 1.2 million fine against Sephora in 2022, both centered on the unlawful sale of consumer personal information without proper opt-out. The California Attorney General has made clear that "sale" is broad: exchanging personal data for any benefit, including wider ad reach, can count, even without money changing hands. That interpretation sweeps in many common data-sharing arrangements that companies assumed were safe. Settlements also require multi-year compliance programs, adding ongoing cost beyond the headline fine. For app makers, the message is that quietly passing user data to "marketing co-ops" or ad partners is now legally risky in the United States, not just in Europe. Products that never share or sell user data avoid this category of liability altogether.

Source: Taft - California Delivers to DoorDash $375,000 Civil Penalty

What These Data Privacy Statistics Reveal Together

The data tells one consistent story: people want privacy, feel they cannot get it, and increasingly act when companies fail them. 79% are concerned, 73% feel powerless, and 67% do not understand what happens to their data. Yet the same consumers will walk away from brands they distrust, and the youngest, most valuable users walk first. Concern has turned into behavior.

For individuals and small businesses handling documents, the practical lesson is to assume any app that uploads your files is also profiling them. Free scanner apps in particular average dozens of trackers and frequently collect data their labels deny. The sensitive nature of scanned contracts, IDs, and receipts makes that trade especially bad. Minimizing what leaves your device is the single most effective privacy step you can take.

The trajectory is clear. Regulation now covers 80% of the planet, fines run into the billions, and breach costs hit new records every year. Both law and consumer sentiment are pushing toward data minimization and on-device processing. The products that win the next decade will be the ones that simply collect less, because collecting less is becoming both the safe choice and the expected one.

Privacy is no longer a feature users hope for; it is a requirement they enforce with their wallets and their downloads.

Turn Sensitive Paperwork Into Sharp, Searchable PDFs

Every statistic above points to the same reality: the contracts, IDs, and receipts that fuel the fines and breaches in this report are exactly the documents you most need to digitize cleanly and keep close.

Filewise is the fast, reliable scanner professionals use to get that job done. It turns contracts, IDs, and receipts into sharp, searchable, professional multi-page PDFs in seconds, running scanning and OCR text recognition directly on your iPhone so your files stay on the device you already carry. With on-device OCR, a built-in e-signature, and Face ID to lock your most sensitive scans, you get a professional digital copy reliably, every time.

Join the Filewise waitlist and turn sensitive paperwork into sharp, searchable PDFs right on your iPhone.

Filewise is launching soon - the fast, reliable PDF and document scanner for iPhone, built for professionals.

Join the Filewise Waitlist

On-device OCR · Face ID security · Launching soon on iOS

Frequently Asked Questions

How many people are concerned about data privacy?

According to Pew Research Center, 79% of Americans are concerned about how companies use the data collected about them, and 73% feel they have little or no control over it. KPMG found that 97% of US consumers say data privacy is important to them, and 87% consider it a human right. Concern about data privacy is now mainstream across nearly every demographic group.

Do people actually switch products over privacy?

Yes. The Cisco 2024 Consumer Privacy Survey found that 49% of consumers aged 25 to 34 have switched companies or providers over data practices, and more than 75% of consumers say they will not buy from a company they do not trust with their data. Younger, higher-value users are the most likely to leave, making privacy a direct driver of customer retention.

How much do data privacy violations cost companies?

Cumulative GDPR fines have passed EUR 6.11 billion since 2018, with about EUR 1.2 billion issued in 2024 alone, per the CMS Enforcement Tracker. The single largest fine was EUR 1.2 billion against Meta. Separately, IBM reports the average data breach now costs USD 4.88 million globally, and US regulators have issued CCPA settlements from USD 375,000 to USD 1.2 million.

How much data do mobile apps collect?

Statista found that about 50% of free iOS apps admit to collecting user data, versus roughly 13.5% of paid apps. Research from Oxford University and Exodus Privacy shows the average Android app contains about 5.4 third-party trackers, and 79% of free Android apps carry at least one. Free apps tend to collect the most data, because user data is often how they make money.