DataGrail’s 2025 Data Privacy Report: Surging Consumer Demands and Rising Business Costs

Consumers are reclaiming their control of their personal data like never before, and businesses are feeling the impact. 

Our newly released 2025 Data Privacy Trends Report reveals that data deletion requests have soared, privacy expectations are rising across the globe, and most organizations are not honoring consumer consent—resulting in rising compliance costs for organizations.

Key findings from the 2025 Data Privacy Trends Report:

• Data deletion requests are surging, rising 82% year-over-year, surpassing access and do not sell requests for the fourth consecutive year.
• Compliance costs are skyrocketing, largely due to the manual processing of Data Subject Requests (DSRs). Managing DSRs now costs businesses an estimated $1.26 million annually per 5 million unique website visitors—a 43% increase over 2023.
• “Do Not Sell” (DNS) requests are gaining significant traction, with an increase of 37% over 2023. This increase is worth noting as organizations face heightened scrutiny from bodies like the California Privacy Protection Agency (CPPA), which has focused litigation on ensuring companies honor these opt-out requests. 
• New state laws are driving more action. Seven new U.S. state laws went into effect in 2024. As a result, 41% of DSRs in 2024 came from states with active privacy laws – an increase of 229% from the 12.5% of DSRs we received from states with active privacy laws in 2023.
• 69% of businesses violate consumer consent. Despite consumers setting their opt-out preferences, businesses continue to deploy tracking cookies, risking fines, lawsuits, and damage to their brand. 

The Growing Cost of Data Privacy

The growing consumer demand for data privacy, particularly data deletion, is challenging businesses to adapt. Unlike access requests, deletion requests are complex and resource-intensive, pushing annual compliance costs higher than ever.

Businesses must modernize their privacy operations to avoid falling behind—or worse, facing regulatory penalties.

Law or No Law, Consumers Expect Privacy Globally

Around the world, consumer demand for control over personal data is seeing momentum. Globally, 31.5% of DSRs came from countries without privacy laws. In the U.S., 46.5% of requests were made by people in states that didn’t have privacy laws in effect.

Consent Noncompliance Continues to be an Issue  

Despite the rise in privacy requests, many organizations are still falling short. 

DataGrail’s audit of 5,000 websites found that 69% of businesses deploy three or more tracking cookies even after users opt out. This widespread noncompliance exposes businesses to:

• Regulatory action
• Lawsuits
• Reputational damage

Data Brokers Under Fire

Data brokers received the highest volume of privacy requests in 2024. Legislation like California’s Delete Act has put these organizations in the spotlight, alongside concerns over AI, data breaches, and political instability – all of which are contributing to increased consumer action.

The Takeaway: Proactive Privacy is Essential

The era of passive data privacy is over. With deletion requests skyrocketing, compliance costs rising, and enforcement intensifying, brands must move from reactive to proactive privacy strategies. The businesses that succeed will be the ones that treat privacy not just as a legal requirement, but as a core part of the customer experience.

DataGrail’s 2025 Data Privacy Trends Report offers critical insights into key trends and how businesses can stay ahead in this shifting landscape. Download the full report to learn more.