Venture Capital Sees Big Opportunities in Data Privacy
Privacy has three key drivers: legislation, brand risk, and opportunity. “On one hand, you see strong winds from a regulatory and compliance perspective,” notes WireWheel CEO Justin Antonipillai. “And virtually every company is trying to find a solution to make sure they’re compliant.”
But even absent legislation, few companies would forgo making sure that their brand is secure. That they’re doing “the right thing by their customers and building trust.” As Justin rightly notes, “You can ruin a brand really quickly if you don’t take care of your customers’ data and build that trust.”
There are powerful and “legitimate interest” use cases for using customers’ and other personal data maximally. And as Justin notes, “you have an incredible asset in some companies that aren’t really being used to solve customer problems.” And that speaks to opportunity.
Organizations in the data privacy space, and those companies (large and small) leveraging privacy platforms, have demonstrated that solving the maximal use/privacy-preservation challenge is not intractable. This too speaks to opportunity and has led to “an incredible influx of capital looking for technologies to really tackle this problem,” remarks Antonipillai.
To discuss privacy trends and opportunities from the venture capital vantage point, Justin hosted a panel of leading venture capitalists in the data privacy and security space at the June 2021 Spokes Privacy Conference. Joining Antonipillai for VC Investments in the Privacy Space: A View of the Present and Future Opportunity are:
- Eric Davis, Partner at AGC Partners that specializes in cyber security and privacy.
- Senior Vice President PSP Growth, Momei Qu, who notes that “privacy is a huge trend that affects almost all industries and functions on a global scale.”
- NEA Partner Aaron Jacobson who specializes in infrastructure software including DevOps AI, and cybersecurity inclusive of privacy, and
- Andrew McClure, Principal at ForgePoint Capital which focuses on cyber security and privacy
Why is VC Interested in Privacy?
We have a lot of conviction in solutions such as WireWheel’s that directly help with data privacy management solutions that ensure data is protected for particular use cases.
—Momei Qu, PSP Growth
PSP Growth’s “investment thesis didn’t start with privacy specifically, but rather, data broadly,” relates Momei Qu. “If you look at just the sheer amount of data produced today…projected to grow exponentially over the next several years, that has generated opportunities around tracking, processing, and interpreting. Beneath it all…privacy is the underlying current.
“The stakes are high” cautions Qu. “If you didn’t plan ahead and are caught flat footed,” not only is there the potential for fines and losing customer trust, but you also incur high costs in responding to these issues. And this directly hits your bottom line.
Perhaps even more importantly, effective privacy management is proving to, not just have bottom-line impact, but is demonstrably affecting top-line performance as well. In short, privacy is rapidly moving from cost to revenue.
McClure agrees with Momei. Compliance with legislation can be very costly, particularly as regulatory bodies begin to step-up enforcement. And while this has catalyzed investments in technologies that scale across different organizations – “the expectation is we’re going to see another multiple of expansion as businesses [look to scale] across the many different stakeholders” – the VC community is seeing that privacy affects the top line too. “There’s certain areas, like data security, that are viewed as a cost center. That’s not the case with privacy, ” says McClure.
Companies don’t really compete on cyber security, but we do see across certain verticals that organizations are starting to differentiate – and really compete as a brand – based on their privacy effectiveness. How they handle consumer data and how they build customer trust has become very important. Very large organizations are doubling down on the messaging in privacy to create value and drive topline revenue.
—Andrew McClure, ForgePoint Capital
Privacy’s Third Phase
“The way we’ve approached investing in privacy,” informs NEA’s Aaron Jacobson, “is similar to how we think about cybersecurity in general.”
Jacobson views the evolution of cybersecurity markets to have happened in effectively three phases:
- Understanding the risk
- Mitigating the risk, and once mitigated
- Enabling benefit and innovation
“Our investments,” continues Aaron, “were primarily driven by our belief that we’re really in those first two stages. Enterprises today need to understand where the risks are, where the data subject to privacy controls are, and how to comply with the hundreds of privacy laws that are rapidly being passed around the world.”
Jacobson’s “third phase” perspective is a view that is shared by many business leaders and privacy advocates. As FordDirect GC and CCO, Beth Hill opined, “I was very excited when I first met WireWheel and talked to other privacy tech providers because it means we are reaching a different phase of the evolution of this topic. One that will help us get to a more strategic place.”
It is still early days.
As an investment banker, Davis looks at the privacy sector through a slightly different lens. But like the venture capitalists, he readily sees the “fantastic opportunity in front of us,” especially as we enter privacy’s third phase.
It feels quite like early opportunities that I would liken to where we were in cybersecurity a decade ago. We’ve reached that stage where we recognize a huge challenge – consumers demanding greater privacy and tremendous friction from privacy regulations – and this creates a huge addressable market.
—Eric Davis, AGC Partners
“We’re quite early on the maturity curve,” continues Davis. For example, Eric notes a recent S&P Global 451 Research survey that found 81% of consumers are concerned about privacy, yet less than 10% of organizations today have dedicated privacy teams. “There’s a tremendous opportunity for growing this greenfield market.”
Emerging Privacy-Preserving Technologies are Aimed at Business Value-Add
How you unlock and drive business value becomes very important as this market evolves to where practitioners in different verticals have the challenges of not only managing data but gaining insights that drive increased business value. That’s what’s driving these techniques beyond the academic environment and into real production environments.
—Andrew McClure, ForgePoint Capital
NEA’s Arron Jacobson suggests three developments that will help secure privacy while delivering the maximal value from data assets:
- Encryption – especially around homomorphic encryption —another aspect of which is hardware-level encryption which is of particular interest to those advancing the use of non-fungible tokens as written about here
- The differential privacy space (A related area to this is synthetic data, discussed here.)
- The adoption of these privacy-preserving technologies will allow the management of sensitive data, not just as cost and risk, but rather as a way to unlock innovation and drive business value
The focus on technologies and techniques aimed at maximizing the value of data (including PII) while preserving privacy has seen significant funding recently along with additional rounds for companies that are scaling up. In fact, notes McClure, “in just the first half of this year, there’s been close to $10 billion” investment in the space, and “deal volume increased by over 25% year-on-year trying to keep pace with the market.”
New Technologies and New Use Cases
The critical question for business is ‘for what else can I use that data?’ Everybody knows you can use it to provide exactly the service that the consumer bought. But can you use it for other things? Can you use it to develop your next product? Can you use it to develop a better customer experience? Can you leverage it for other use cases?
The information you need to make those judgments is almost impossible to extract from a machine. You can’t see and know all of the acceptable uses by looking at machine output. It’s ambiguous and it’s not readable.
—Justin Antonipillai, WireWheel
The near-term technologies pursued by companies to obtain an edge, offers Jacobson, are “machine learning (ML) and learning how to create models that scale on petabytes of data.” It’s not just building the models. “It’s then deploying those models in production so that if, for example, a consumer comes to my website, I have a sophisticated model that can analyze them and personalize the website or the experience to optimize conversion on my website.”
The advantage of ML is in developing the model and the continued ability to use data to train and run the model in real time. Companies that embrace AI in this regard will achieve “a ton of value from their data.”
“I also get excited though about the use of existing technologies in new use cases”, enthuses Davis.
By way of example, he notes that a company in the data security space with capabilities around rights management, is redeploying their technology (which has been available for a decade or more) to help solve privacy challenges.
The company has retooled the tech to attach security directly to the data replete with centralized auditing and tracking of the data flow. This ability helps its customers be compliant with a whole host of regulations across the privacy landscape. They’re seeing this as a big driver of new business and repeat upsell business with existing customers.
“And that gets important – that gets interesting – to me as a banker,” says Davis. “There’s a lot out there, that I think can answer some of these pressing needs.”
It is important to note that as third-party cookies go away, and providers like Apple, Firefox, and Brave continue to advance privacy-preserving tools, focus on zero-party data is going to be crucial for companies to improve customer experience and protect the brand. But this does not solve for the privacy challenges discussed here which concern the aggregation of personal data for broader insights and developing new use cases.
Data Privacy, as Antonipillai often notes, is not just about privacy rights. It is increasingly a function of data governance, and perhaps more broadly, as the “third phase” implies: information governance. And as information governance professionals are keenly aware, data without value represent only cost, risk, and legal vulnerability.
Data privacy management – the platforms, technologies, and techniques – as discussed by this expert panel, while in “early days,” is clearly advancing beyond cost and risk mitigation and into value creation. The value that accrues to the organization, the consumer, and society at large.
The choice between data as risk and data as value-add is the organization’s to make. Momei is right. Don’t be caught “flat-footed.”