Cloud Service Providers (CSPs) allow data owners to migrate their data to resource-rich and powerful cloud servers and provide access to this data by individual users. Some of this data may be highly sensitive and important and CSPs cannot always be trusted to provide secure access. It is also important for end users to protect their identities against malicious authorities and providers, when they access services and data. Attribute-Based Encryption (ABE) is an end-to-end public key encryption mechanism, which provides secure and reliable fine-grained access control over encrypted data using defined policies and constraints. Since, in ABE, users are identified by their attributes and not by their identities, collecting and analyzing attributes may reveal their identities and violate their anonymity. Towards this end, we define a new anonymity model in the context of ABE. We analyze several existing anonymous ABE schemes and identify their vulnerabilities in user authorization and user anonymity protection. Subsequently, we propose a Privacy-Preserving Access Control Scheme (PACS), which supports multi-authority, anonymizes user identity, and is immune against users collusion attacks, authorities collusion attacks and chosen plaintext attacks. We also propose an extension of PACS, called Statistical Privacy-Preserving Access Control Scheme (SPACS), which supports statistical anonymity even if malicious authorities and providers statistically analyze the attributes. Lastly, we show that the efficiency of our scheme is comparable to other existing schemes. Our analysis show that SPACS can successfully protect against Collision Attacks and Chosen Plaintext Attacks.