80+ Top Data Privacy Statistics for 2024: Trends and Behaviors

If you’re responsible for securing, managing, or processing personal information (e.g., customer or employee data), it’s important to stay up-to-date with current data privacy trends. 

The type of knowledge worth developing includes the prevalence and risks associated with personal data breaches, awareness of relevant privacy laws, the attitudes and concerns of customers, new and emerging areas of concern surrounding privacy (e.g., linked to smart devices and the Internet-of-Things), as well as best practice for personal data protection.    

To help you get a handle on all of this, here’s our rundown of recent data privacy statistics and key technical and regulatory developments shaping the privacy landscape. 

Importance of Data Privacy 

Data privacy is a branch of security concerned with protecting the confidentiality of, access to, and appropriate use of data. It is particularly important when it comes to safeguarding personal identifying information (PII) and other types of sensitive data. 

Data privacy statistics demonstrate that it’s something that consumers increasingly care about.  

Levels of Consumer / Internet User Concern Surrounding Data Privacy 

1. 83% of consumers either agree or strongly agree with the statement, “These days, I think about whether I trust a company to keep my information safe before I buy something from them.” 

2. 64% of consumers say they have opted not to work with a business because of concerns about whether they would keep their personal data secure. 

3. 82% of consumers say they are highly concerned about how their data is collected and used. 

4. More than half of consumers (57%) worry that brands use their data beyond intended purposes. 

5. Companies that demonstrate responsible data practices benefit from an increase in purchase intent of 23% compared to companies that cannot demonstrate those practices. 

6. In 2023, 58% of consumers say they are worried about being “hacked and tracked” through their devices, up from 41% in 2022.

7. 77% of internet users worldwide say they are worried about personal information being stolen.

8. 75% of internet users worldwide say they are worried about personal information being used by companies for marketing purposes without permission.  

9. 68% of internet users worldwide say they are worried about personal information being used by the government without permission. 

Concerns Among Internet Users About Personal Information Being Online

10. In the US, the percentage of Democrat voters who say they are worried about how the government uses their personal data fell slightly from 66% to 65% between 2019 and 2023. In the same period, the share of Republican voters who expressed this concern grew from 63% to 77%.

Change in Concern of American Citizens About Personal Data Usage by Government

Changes in Laws and Corporate Attitudes

11. The vast majority (71%) of countries now have data privacy legislation in place. 

12. In a 2021 survey of business leaders, 70% said their company increased the collection of consumer data over the previous year. 

13. 62% of business leaders said their organization should be doing more to strengthen existing data protection measures. 

14. 29% of business leaders said their company sometimes uses unethical data collection methods. 

15. In a 2023 survey of business leaders, 45% of US respondents said they were ‘very prepared’ to comply with state privacy law frameworks, compared to 59% in the previous year’s survey.  

16. In 2023, 40% of US businesses and 32% of UK businesses said they were very concerned about privacy laws that include specific restrictions on collecting and using data for targeted marketing. Litigation and enforcement actions were named as top concerns. 

17. 58% of businesses say they conduct regular staff training on data privacy. 

18. Just 34% of businesses have conducted data mapping and understand data practices across their organization. This suggests that many businesses may not have a full picture of what personal data they actually hold. 

Personal Data as a “Currency” in the Digital Economy 

19. An estimated 80% of apps use personal data for commercial ends. This includes activities such as serving you their own ads on other platforms, and in-app promotions for their own benefit and for third parties. 

20. According to pCloud, Facebook and Instagram are the brands that are most effective at collecting personal data and leveraging it for their own benefit. 

The Apps Collecting Your Personal Data for Their Own Benefit

21. Google ad revenue is a useful indicator of the value of personal data as a form of currency. In 2001, each Google user generated an average ad revenue of $1.07. By 2019, this had increased by around 1800% to $36.20.

22. 53% of consumers regard their personal information as an asset for negotiating better prices and offers with companies. 

Private/Personal Identifiable Information Data Breaches 

Personal identifying information provides rich pickings for cybercriminals. The stats highlight that if an organization is hit by a data breach, there’s a very good chance that personal data will be compromised. 

Data Privacy Statistics - Breaches

23. The number of data records exposed worldwide fluctuated in both directions from quarter to quarter between Q1 2020 and Q1 2023.

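| Period | Number of data records exposed (in millions) |
|---|---|
| Q1 2020 | 68.99 |
| Q2 2020 | 79.52 |
| Q3 2020 | 10.09 |
| Q4 2020 | 125.74 |
| Q1 2021 | 95.58 |
| Q2 2021 | 19.42 |
| Q3 2021 | 14.1 |
| Q4 2021 | 19.33 |
| Q1 2022 | 3.33 |
| Q2 2022 | 5.54 |
| Q3 2022 | 14.78 |
| Q4 2022 | 10.45 |
| Q1 2023 | 6.41 |
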
Number of Data Records Exposed Worldwide from Q1 2020 to Q1 2023

24. Check Point Research data illustrates how cyberattacks are becoming more prevalent worldwide. Cyberattacks increased by 38% in 2022 compared to 2021. 

25. According to SonicWall, there were 6.3 trillion intrusion attempts in 2022. 

26. 1 in 2 American internet users had their accounts breached in 2021. 

27. Verizon analysis suggests that for those organizations that suffered a data breach in 2022, personal data was disclosed to an unauthorized actor in more than 50% of cases.

Types of Data Compromised Through Data Breaches 2022

28. IBM found that customer PII was the most commonly breached record type in 2023 (compromised in 52% of breaches), followed by employee PII (compromised in 40% of breaches). 

Type of Data Compromised in Data Breaches, 2021-2023

Most Affected Industries 

29. Organizations within the financial services and insurance sector are most likely to suffer a compromise of personal data (i.e., personal identifying information) when hit with a data breach. Between November 2021 and 2022, personal data was compromised in 74% of cases where finance and insurance organizations suffered data breaches. 

Compromised Data by Category and by Industry Worldwide November 2021 - October 2022

Cost of a Personal Data Breach 

30. According to IBM, the global average data breach cost in 2023 was $4.45 million - 15% more than in 2020. 

31. Customer PII is the costliest data type for an organization to have compromised. In 2023, customer PII (e.g., names and social security numbers) cost organizations an average of $183 per record when breached. Employee PII comes close behind at $181 per record.

Cost Per-Record of Data Breach by Record Type

32. In August 2023, US News & World Report commissioned a survey of 2,000 US adults who had been victims of identity theft. Of these, 34% reported financial losses between $100-$500. 15% reported losses greater than $1,000. 

Consumer Attitudes Towards Privacy 

Consumers are generally willing to offer up their data in exchange for access to services. However, they expect organizations to take care of it.  

General Attitudes to Data Privacy, Sharing, and Usage 

33. Globally, 53% of consumers agree that exchanging personal information is essential for the smooth running of modern society. In China, this rises to 82%.

34. Almost three in four global consumers think that data is their property and that they should be able to trade it if they wish.

35. Two-thirds of smartphone users worry about data security and privacy on their mobile phones in 2023 - up 13 percentage points from 2022.

Attitudes to Organizations’ Use of Personal Data

36. In 2022, The Global Data & Marketing Alliance (GDMA) estimated that nearly half (47%) of consumers across ten key global markets are ‘data pragmatists’: i.e., they are concerned about online privacy but will make trade-offs on a case-by-case basis as to whether the service or enhancement of service offered is worth the information requested. This is down from 51% in 2018. 

37. In 2022, GDMA estimated that 21% of consumers across 10 key global markets are data fundamentalists: i.e., they are concerned about online privacy and are unwilling to provide personal information, even in return for a better service. This is down from 23% in 2018. 

38. Across 16 countries, France has the highest proportion of data fundamentalists (26% of the population). China and India have the joint lowest (6%). 

Consumer Attitudes Towards Data Privacy (Across 16 Countries)

39. 27% of global internet users think that companies can track them, and 17% think that hackers can access their data, no matter what actions they take.

40. Of smart home technology service users, 62% worry about security and privacy in 2023 - up 10 percentage points from 2022.

41. Younger people are more relaxed than their elders regarding trusting companies with their data. Half of Gen Zs and Millennials say they trust online services to protect their data, compared with three in 10 older consumers. 

42. 60% of Gen Zs and Millennials think the benefits they generally get from online services outweigh their privacy concerns. Only four in 10 older consumers feel this way. 

43. 85% of consumers think device makers should do more to protect data privacy and security on their devices. 

Consumers’ Willingness to Take Action on Privacy       

44. Three-quarters of consumers think they should do more to protect their data privacy. 

45. 18% of consumers say they are unwilling to pay for software or services to increase their protection. 

46. 9% of consumers chose to buy a connected device they thought did not track them in 2023 - up five percentage points on the previous year. 

47. 9% of Americans always read privacy policies before agreeing to them. 36% never read them. 

How Often Users Read Privacy Policies (USA)

Privacy Laws 

Most jurisdictions now have comprehensive privacy laws in place. On the whole, businesses and individuals tend to regard the existence of such laws as a positive.  

The State of Data Privacy Law Adoption Worldwide 

48. As of 2023, 137 out of 194 countries have enacted data protection and privacy legislation. 

Data Protection and Privacy Legislation Worldwide

| Region | Countries with legislation in place | Countries with draft legislation in progress | Countries with no legislation | Countries with no data on the state of legislation available |
|---|---|---|---|---|
| Africa (54 countries) | 33 (61%) | 6 (11%) | 10 (19%) | 5 (9%) |
| Americas (35 countries) | 26 (74%) | 4 (11%) | 5 (14%) | 0 (0%) |
| Asia-Pacific (60 countries) | 34 (57%) | 7 (12%) | 15 (25%) | 4 (7%) |
| Europe (45 countries) | 44 (98%) | 0 (0%) | 0 (0%) | 1 (2%) |

Organizational Compliance and Impact   

49. In 2023, 50% of US and UK organizations say they are “very prepared” to address data privacy laws. 

50. 55% of US and 45% of UK organizations say they are concerned about enforcement action surrounding the use of geolocation data. 

51. 50% of US and 36% of UK organizations are concerned about possible user litigation.

52. 10% of UK organizations say data privacy regulations are a major impediment to cross-border business. 

Potential Organizational Benefits of Privacy Law Compliance

  • Valuable data is better safeguarded from theft and loss 
  • Greater trust from customers and investors 
  • Higher brand value 
  • A stronger competitive advantage 
  • A deeper understanding of the data organizations hold, its value, purpose, and benefits 
  • Improved data management and control 

53. In 2023, 79% of security professionals globally said that privacy laws positively impacted their organizations. 14% were neutral, and 6% said the laws had a negative impact. 

Corporate Attitudes to Privacy Laws Globally

Consumer Attitudes to Data Privacy Laws 

54. According to a 2023 Pew survey, 72% of US consumers say there should be more government regulation of what companies can do with their customers’ personal information. 7% say there should be less regulation. 18% say it should stay about the same. 

55. In 2023, 72% of US consumers say they have little to no understanding of current data privacy laws. This is up from 63% in 2019. 

Global Privacy Principles

Data privacy laws and data protection laws across the globe generally follow these five principles: 

  • Notice: Requiring organizations to advise users or customers of the procedures and policies they have in place to protect personal information.
  • Choice and consent: Requiring organizations to seek users’ consent and provide users with choices around how their data is collected, managed, and used.
  • Access and participation: Individuals should have the right to access the data held on them, to rectify inaccuracies, to obtain copies, and to withdraw consent where that is the legal basis of data processing.
  • Integrity and security: Organizations must have adequate measures in place to ensure that data is secure and that there is no unauthorized access.
  • Enforcement: Organizations may face regulatory intervention (e.g., enforcement notices and fines) if data privacy rights are breached.

Influential and Recent Privacy Laws 

Europe: (GDPR: General Data Protection Regulation)

GDPR came into force in 2018. It sets out the rights of European Union citizens concerning their personal data and explains what’s expected of organizations that control and process this data.

56. GDPR quickly became a model for other privacy law frameworks across the globe. 

57. At least 20 countries other than EU states have adopted laws that are significantly close to GDPR. 

58. Organizations across the globe are required to be GDPR-compliant if they control or process personal data relating to EU residents. Until May 2018, Fortune 500 companies spent an estimated $7.8 billion on GDPR compliance measures, with 40% spending more than $10 million.  

59. In 2021, European data regulators issued EUR $1.1 billion in GDPR fines, a sevenfold year-on-year increase.  

60. Between July 2018 and February 2023, a total of 1,576 GDPR fines had been issued by EU regulators. 

61. The highest average GDPR fines have been levied in the media, telecoms, and broadcasting sectors. The highest number of fines has been in the industry & commerce sector. 

GDPR Fines by Business Sector (May 2018 - March 2023)

India (DPDP: Digital Personal Data Protection Act)

India finally passed its long-awaited new data protection law - the Digital Personal Data Protection Act (DPDP) - in August 2023. Its commencement date is yet to be announced. The Act is broadly similar to GDPR, but with some notable divergences. 

62. With GDPR, the level of fines is partly dependent on the turnover of the organization. Under DPDP, penalties are turnover-agnostic. Maximum penalties for specific offenses range from approx. $6 million (Rs 50 crore) to $30 million (Rs 250 crore) for each breach.  

63. Unlike GDPR, DPDP does not give data subjects a right to claim compensation from an offending organization if there has been a breach of data protection obligations. 

64. DPDP prescribes duties on data subjects to provide verifiably authentic information - subject to fines (GDPR does not do this). Data subjects can also be fined for bringing frivolous complaints against organizations.  

California (CPRA: California Privacy Rights Act)

The new California Privacy Rights Act (CPRA) became operative on 1 January, 2023. This amends the existing California Consumer Privacy Act (CCPA) by adding new rights for data subjects. 

Existing CCPA rights 

  1. The right to know (request disclosure of personal information)
  2. The right to delete personal information 
  3. The right to opt out of the sale of personal information 
  4. The right to opt in to the sale of personal information
  5. The right to nondiscriminatory treatment for exercising data rights 
  6. The right to initiate a private cause of action for data breaches

Additional rights created under CPRA 

  1. The right to correct inaccurate personal information 
  2. The right to limit use and disclosure of sensitive personal information

China 

China’s data protection and privacy framework is governed by three key pieces of legislation: 

The Personal Information Protection Law (PIPL) 

65. Effective as of November 1, 2021, this is China’s principal personal data protection law. 

66. Modeled partly on GDPR, PIPL sets out principles linked to consent for processing, cross-border data transfer rules, and rights of data subjects. 

Cybersecurity Law 2016 (CSL) 

67. This is China’s law aimed at ensuring enterprises that operate computerized networks have adequate cyber security measures in place. 

68. It includes personal information protection requirements, including requirements for multi-level cyber security protection, assessments, and inspection. 

Data Security Law (DSL)

69. A law setting out fundamental requirements for data security. 

70. It includes measures such as data categorization and classification, risk controls, and contingency responses.  

Best Practices for Protecting Personal Data 

Businesses and individuals now tend to take a range of measures to safeguard data privacy.  

What Steps Are Consumers Taking? 

71. Deloitte found that in 2023, 39% of consumers had turned off location-based services in the past year. This was the most popular measure consumers took to address privacy and security concerns. 

72. In 2023, 79% of consumers had taken at least one of 14 identified data protection measures (up from 71% in 2022). 

Percentage of Consumers Who Have Taken Steps to Address Privacy Concerns

What Steps are Organizations Taking? 

Privacy spending 

73. After steep increases from 2019 to 2020, annual organizational spending on privacy remained steady between 2021 and 2022. 

Average Annual Business Privacy Expenditure 2019-2022

Privacy metrics 

74. Security professionals report an average of 3.1 privacy metrics to their board. 

75. The most commonly reported privacy metrics are data breaches (41%), data protection impact assessments (39%), and incident response reports (37%). 

Privacy Metrics Most Commonly Reported to the Board by Security Professionals

Importance of privacy expertise for security professionals 

76. In 2023, a third of senior security professionals rank “Data privacy and governance” as one of their top three responsibilities. This highlights the value of data privacy knowledge for cyber security and infosec professionals seeking to progress into senior and leadership roles. 

Top Job Responsibilities Security Professionals

Specific data privacy measures adopted by organizations

77. In 2023, more than 70% of companies claim to always or frequently implement key data protection and security measures.

Share of Companies Implementing Key Data Security and Privacy Measures

Future Predictions 

As an increasing number of businesses roll out IoT and AI-based initiatives, extra care needs to be taken to retain customer trust regarding what data is being harvested and what it’s being used for. 

Internet of Things 

78. The total installed base of IoT-connected devices is expected to reach 30.9 billion units worldwide in 2025, up from 13.8 billion units in 2021. 

79. Only 14% of consumers view smart devices as secure, despite 38% already using them.

Artificial Intelligence and Automated Decision-Making Using Personal Data 

80. 54% of consumers say they would be willing to share their anonymized personal data to help improve AI products and decision-making. 

81. 65% of consumers say they have already lost some trust in organizations as a result of their AI use. 

Recent Data Privacy News 

These examples highlight the financial and reputational repercussions of a failure to prioritize users’ online data privacy and protection.

Meta’s Record-Breaking GDPR Penalty  

Meta was hit with a $1bn+ fine for transferring EU users’ data to the US for processing, in contravention of an earlier EU court ruling saying that this was unlawful.

TikTok’s Teen Privacy Dispute 

Data regulators in Ireland hit TikTok with a $360m+ fine for failing to take care of the private user data of its youngest users. However, the Chinese-owned video-sharing platform is fighting back…

Conclusion 

There’s a clear quid pro quo arrangement in play when it comes to data privacy. 

From facial recognition-enabled door locks to personalized shopping recommendations, consumers love the type of digital innovation that makes life easier. And generally, many of us are willing to hand over large volumes of often very sensitive personal data to make all this happen. 

But at the same time, we’re increasingly likely to think twice before handing over this data: Who’s asking for it? Why exactly do they need it? And are they going to take care of it? If an organization is shown to play fast and loose with data privacy and protection, a loss of user trust (and revenue) is pretty much inevitable.  

For businesses, data privacy is a top priority for retaining user trust. And for information and cyber security professionals, it’s also important to remember that data privacy is not a niche concern that’s hived into very specific roles. If your work involves protecting an organization’s assets, privacy is definitely an area where it’s worth building a solid bank of knowledge. 

Sources

  1. AAG: The Latest 2023 Cyber Crime Statistics, Report, 2023
  2. Check Point ‘Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks’ Article, January 2023
  3. Cisco: Consumer Privacy Survey, 2023
  4. Cisco: Data Privacy Benchmark Study, 2023
  5. CMS: 5 Years GDPR Report, 2023
  6. Data Guidance: China - Data Protection Overview, October 2023
  7. Deloitte: Connected Consumer Survey, 2023
  8. Deloitte: ‘Data privacy and security worries are on the rise, while trust is down’, Article, 2023
  9. DLA Piper: GDPR fines and data breach survey, January 2022
  10. Economic Times: Data Protection Bill, Article, 2023
  11. Emarsys: GDPR Compliance, How it’s Affecting US Companies, Article, 2018
  12. GDMA: Global Consumer Attitudes Survey, 2022
  13. IBM: Cost of a Data Breach Report, 2023
  14. IBM: Survey, Consumer Attitudes Towards Data Privacy, 2019
  15. Infosecurity Magazine: Global IoT Trust Survey Reveals Security Concerns, Article, 2023
  16. Ketch: The Person Behind the Data, Report, 2022
  17. KPMG: Data Privacy Survey, 2021
  18. LR Foundation: World Risk Poll, 2021
  19. pCloud: Invasive Apps Report, 2021
  20. Pew Research Center: Americans and Privacy, Report, 2019
  21. Pew Research Center: How Americans View Data Privacy, Article, October 2023
  22. PwC: Global Digital Trust Insights Survey, 2023
  23. Reed Smith: The fourth anniversary of the GDPR, How the GDPR has had a domino effect, Article, 2022
  24. SonicWall Cyber Threat Report, 2023
  25. Statista: Commonly Compromised Types of Data by Industry
  26. Statista: Internet of Things and non-IoT active device connections worldwide from 2010 to 2025
  27. Statista: Number of Data Breaches Worldwide 2020-2023
  28. UNCTAD: Data Protection and Privacy Legislation Worldwide, Report
  29. US News & World, Identity Theft Survey, 2023
  30. Verizon: DBIR Report, 2023
  31. Womble, Bond, Dickinson: Growing Global, 2023 global data privacy survey report

  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.

  • Mike says:

    Very informative, It is a pity Recruiters (Agencies, Private and Public Sector Employers) don’t refrain from demanding more and more P.I.I (often very intrusive and unnecessary) at the application stage.
