40% of Americans Never Read The Data Privacy Policies They Sign

Most Americans are worried about how their personal data is being collected and used, but many never read the privacy policies they sign, according to new research.

A report on “Data Privacy in 2026” by Whistle Out surveyed 1,000 American adults about their cybersecurity habits and found that concern about digital privacy is widespread, but action is often lacking.

In a world where every website visited and every app downloaded requires users to accept terms and conditions, understanding what is being agreed to has never been more important — or more difficult. Personalized ads, social media algorithms, and GPS suggestions all rely on collecting large amounts of user data to function.

Whistle Out’s survey found that 92% of Americans are concerned about their personal data, including browsing history, location, and other information, being collected by websites and apps on mobile devices. But many respondents admitted they are not taking steps to secure themselves.

Concern extends beyond smartphones and web browsers. According to the report, Americans recognize that devices like smart speakers, doorbell cameras, and smart TVs also provide a window into their lives. Despite these concerns, many Americans are not reviewing privacy settings or permissions. About 41% never read the privacy policies of websites or apps before using them, 40% have never checked their phone’s privacy settings, and 23% do not monitor the permissions they grant to apps, including access to camera, contacts, or location. Only 20% always read the terms of use when downloading a new app.

Other security habits are also lacking. One in three respondents said they are unsure how to identify or protect themselves from online scams. Over half (52%) reuse passwords across multiple important accounts. Additionally, 21% do not regularly update their phone’s operating system, 44% have not secured their home Wi-Fi network, and 29% do not use antivirus or anti-malware protection.

How to Protect Your Personal Data

Whistle Out noted that ignoring data privacy can put Americans at risk because companies can collect, store, and sell personal information. This data can be purchased by advertisers, scammers, data brokers, or government agencies. For example, agencies like the National Security Agency (NSA), the Department of Homeland Security (DHS), and Immigration and Customs Enforcement (ICE) have all bought Americans’ data, and because it is commercially available, they do not need a warrant to access it.

Whistle Out says Americans can better protect their personal data online and reduce the risk of it being misused or accessed without their knowledge by taking several practical steps. They should use strong, unique passwords and avoid reusing them across multiple accounts, with a password manager helping generate and store secure options. Enabling two-factor authentication through an app, rather than relying on codes sent by text or email, adds an extra layer of security.

People should also regularly review and retract unnecessary app permissions and disable location tracking unless it is essential for the app’s function. Deleting old apps and accounts that are no longer in use prevents continued background data collection. Using a virtual private network (VPN) can encrypt internet activity and mask IP addresses, while limiting or rejecting browser cookies reduces the digital trail left online. Furthermore, keeping apps and operating systems up to date ensures the latest security patches are installed, and enabling built-in anti-robocall features helps block spam calls. Finally, users should be cautious when sharing financial information, opting for third-party payment systems like Apple Pay or PayPal to avoid exposing actual banking or card details.

The full report on “Data Privacy in 2026′ by Whistle Out can be read here.

Image credits: Header photo licensed via Depositphotos.