Trust in digital services has plummeted as consumers feel a greater onus to protect their data. And companies that violate their users’ privacy risk losing customers.
These are the findings of the 2025 Digital Trust Index, produced by French aerospace and defence company Thales. The report, which surveyed 14,000 consumers across 14 countries, paints a bleak picture for the levels of trust in most sectors. News and media was the least trusted sector, with only 3% of consumers trusting news media organisations with their personal data. It was followed by supply and logistics (4%), social media companies (4%), entertainment businesses (5%), retail organisations (5%), transportation (6%) and hospitality (7%).
It’s a pretty depressing state of affairs
Banking led the charts as the sector that consumers trusted most with their data (44%), followed by government (41%).
Without trust, businesses are going to struggle to develop their digital capabilities, says Rob Elliss, vice-president of sales for Thales across EMEA. “It’s a pretty depressing state of affairs,” he says.
Why has consumer trust in digital services waned?
With new, catastrophic data leaks and cyber attacks occurring all the time, perhaps it’s little surprise people distrust brands with their data. Most consumers expect companies to respect their data privacy.
“Privacy is much more in the public psyche than previously,” adds Elliss. “The majority of consumers expect a greater degree of transparency about what data is being collected and also a certain degree of sovereignty and ownership of their own data, including the ability to understand what’s been stored and have that deleted.”
While GDPR has strengthened protections over data usage, at the heart of this sliding trust in digital services is the sense that it’s up to the consumer – and not businesses – to safeguard their information.
Trust is so low because consumers feel that privacy is an uphill battle
Almost two-thirds (63%) of those surveyed believed that too much onus is placed on the consumer to protect their data. More than a third said they only share data when it’s absolutely necessary to access a product or service and 34% said they trusted organisations to use their data sensibly.
As anyone who’s tried to regain control of their data from the long list of data brokers hidden in the terms and conditions of any digital service will know, the path towards doing so is often circuitous and complicated, even though it is a requirement under GDPR.
“Trust is so low because consumers feel that privacy is an uphill battle,” adds Elliss. “Many people wouldn’t know where to start. Do you reject or accept cookies? There’s a fatigue that creeps in, in terms of getting things done.”
There needs to be a balance between data privacy and security versus ease of use, access and reliability of services, he adds.
The privacy opportunity
Some brands have understood that privacy is attractive to consumers. Apple has consistently developed new privacy features for its handsets since 2014, after its CEO Tim Cook highlighted the issue of consumer tracking in an open letter. Meta, which has previously been fined for violating data privacy rules in the EU, has since put greater emphasis on user privacy and introduced end-to-end encryption for chat services across Facebook Messenger and Instagram in 2023.
Consumers are rejecting brands precisely because of the excessive amount of data they feel is being gathered
But, despite consumer demand, few companies are focusing on data privacy as a key selling point. “A lot of consumers are rejecting brands precisely because of the excessive amount of data they feel is being gathered and the absolute lack of transparency as to where that data is heading and what’s being done with it,” says Elliss.
The banking sector – the most trusted sector in Thales’ report – might offer a route forward. Finance is heavily regulated and, as a result, legacy and challenger banks have had to demonstrate their security credentials to customers. “That is very visible to the public,” says Elliss.
He suggests companies and brands could make significant gains in consumer trust by following the examples of regulated industries. Organisations should demonstrate the steps they are taking to protect data, whether from cyber attacks or sovereign controls, and should offer customers ongoing access to their data, Elliss adds.
The question of how to protect personal data remains a problem. The need to create long and complex passwords was cited as a reason for switching brands by 16% of the consumers surveyed by Thales, while 31% admitted losing their patience when being forced to reset their password.
Organisations still need to govern access to data, systems and networks. While Elliss recognises there’s no panacea that guarantees data privacy, there are many technologies that don’t rely on passwords and provide user protection, such as FIDO tokens, pass keys and biometric authentication. He adds: “It’s about using commonly available technologies and making it clear to your customers what you’re using. Outside of highly regulated industries, I don’t think companies make enough noise about the measures they’re putting place to ensure your protection.
“If brands deployed more sophisticated authentication, security and privacy tools, that would rapidly lead to an increase in consumer trust.”
Getting your data house in order
As well as taking the steps to empower user access to their own data and strengthening privacy, businesses could simply keep less customer information.
There are a “remarkable” number of companies holding and processing sensitive data that don’t know where it resides or if it’s protected, according to Elliss.
Sometimes removing consumer data or opting not to request certain user details is the simplest solution. “That’s something we often overlook,” says Elliss. “You don’t have to protect all the data if you don’t actually need to hold it.”
Organisations seeking to win customer trust should start by getting their own data house in order. Understand where the data resides, protect it or simply delete it if it’s not required.
Where businesses do hold onto sensitive data or are otherwise reliant on it, they ought to know where it is and take “very visible” measures to protect and control access. This isn’t yet commonly understood at the enterprise or the consumer level right now, adds Elliss. But given the dreary consumer trust in digital services, perhaps that needs to change.
Trust in digital services has plummeted as consumers feel a greater onus to protect their data. And companies that violate their users' privacy risk losing customers.
These are the findings of the 2025 Digital Trust Index, produced by French aerospace and defence company Thales. The report, which surveyed 14,000 consumers across 14 countries, paints a bleak picture for the levels of trust in most sectors. News and media was the least trusted sector, with only 3% of consumers trusting news media organisations with their personal data. It was followed by supply and logistics (4%), social media companies (4%), entertainment businesses (5%), retail organisations (5%), transportation (6%) and hospitality (7%).
It’s a pretty depressing state of affairs
