.svg)
Unlike in Europe, there is no federal requirement to display a consent banner in the U.S. Organizations that do so are typically responding to state-level regulations like CCPA, or making a proactive compliance decision in line with their privacy and compliance strategies.
Because U.S. banners operate under an opt-out model, meaning users who take no action are counted alongside those who actively accept, we choose to look at the acceptance rate, which combines the opt-in rate and the no-choice rate. It reflects the share of users who did not explicitly opt out.
With that in mind, what does a strong acceptance rate actually look like, and how does your state compare?
What the data says
Based on the data collected throughout 2025 in our 2026 State of Data Privacy Benchmark, here is what the numbers tell us:
Acceptance rates across the United States in 2025 range from 90.6% to 99.2%, depending on the state. The national average is 94.2%, with an average opt-out rate of 5.8%. Compared to the previous year's benchmark, the average acceptance rate has declined across the board.
This could be attributed to several factors, including the introduction of new state privacy laws, an increase in litigation and enforcement activity, and the natural evolution of our client base as more companies adopt consent management practices.
Among the states with the highest acceptance rates, we find:
- Iowa leading all states with the highest acceptance rate at 99.2% and the lowest opt-out rate at just 0.8%
- Virginia following closely at 98.0% acceptance (2.0% opt-out)
- South Dakota coming in at 97.5% (2.5% opt-out)
- West Virginia (96.8%), Oregon (96.6%), and Delaware (96.9%) also ranking among the highest acceptance states
At the other end, states with the lower acceptance numbers include:
- Wyoming records the lowest acceptance rate at 90.6% and the highest opt-out rate at 9.4%
- Maryland (91.2%), California (91.3%), Massachusetts (91.7%), and Hawaii (91.9%) also place among the states with lower acceptance rates
California is worth noting specifically. Despite its size and economic weight, it sits near the bottom of the national range at 91.3% acceptance and 8.7% opt-out, reflecting the CCPA's success in building genuine consumer awareness. Users in the state are both more likely to encounter meaningful consent choices and more likely to act on them.
What this means for you
If your acceptance rate is below the national average of 94.2%, or below the typical range for your state, there is likely room for improvement through better configuration decisions, such as the positioning of your banner, the clarity of your notice, how opt-out options are presented, and your overall consent and privacy experience.
As you work on improving your acceptance rate, there are two things that you should keep in mind.
- Compliance comes first: Some banner configurations may correlate with higher acceptance rates in our data, but they do not necessarily reflect compliant privacy practice. The two should never be traded off against each other. Always involve your legal team before making changes to your banner setup.
- Acceptance rates are shaped by many factors: Beyond banner design, your acceptance rate will be influenced by your industry, audience demographics, the devices your users are on, and the regulatory environment in the states where you operate. A rate that looks low on its own, may be normal in its market and context.
Ultimately, the organizations that consistently perform well on both the performance and compliance fronts are those that treat privacy as a design principle rather than a constraint.
What's next for consent banners in the U.S?
Data privacy continues to evolve in the U.S., and 2026 is expected to be its most critical year yet:
We're going to continue to see the U.S. move to a de facto opt-in regime not because of any single regulation, but more so the death by a thousand cuts.
Between CIPA enforcement, VPPA cases, children's privacy litigation, and general consumer protection trends, we'll reach a tipping point where >50%+ of U.S. websites will have consent messages prompting explicit opt-in, even when it's not legally mandated. It's not regulation driven, but more about risk management at scale.
- Brian Kane, Co-founder and COO at Sourcepoint by Didomi
That pressure is already materializing through specific, trackable vectors: CIPA class actions, VPPA litigation targeting video content, and a sustained wave of children's privacy enforcement. This is legal exposure that is pushing companies toward explicit opt-in consent well ahead of any formal mandate. The organizations best placed for what comes next are those building robust consent infrastructure now.
More about the state of data privacy in 2026
All of the data in this article comes from Didomi's 2026 State of Data Privacy Benchmark, built from real consent interactions collected across thousands of websites throughout 2025. It's the most detailed look we've done yet at how U.S. users respond to consent experiences, broken down by state, compared year-over-year, and put in context of the regulatory shifts changing.
If you want to see where your acceptance rate stands or get a clearer picture of where U.S privacy is headed, our data privacy benchmark is a good place to start.
