The world is awash with data and it’s growing exponentially. In 2012 around 2.5 billion gigabytes of global data was generated daily. By 2025 that number will balloon to 463 billion gigabytes per day¹, thanks to smartphones, autonomous cars, drones, wearables, 5G, and other new technologies.
Coupled with this growth we’ve seen an explosion in data breaches and irresponsible data practices. For instance, in 2005 there were 157 data breaches in the USA, exposing 67 million records. By 2014 data breaches were up by almost 500% to 783 incidents with 86 million records exposed. (note: the 2018 Cambridge Analytica scandal affected over 50 million users.)
In essence, the rate at which we’re generating data is outpacing the rate at which we’re becoming more responsible with it. And though these breaches involve lapses in cyber-security, they also highlight the need for us to prepare for and work through a transition to what may be a mostly post-privacy world.² This means we need tools and technologies that will encourage more responsible use of data while offering protections and liberties for consumers.
Privacy Tech Landscape
In an attempt to better understand the landscape of companies focused on data privacy, I mapped out 40+ privacy tech companies. These are businesses that have a significant component of data privacy baked into their business models.
Data here refers to any digital information generated and processed about an individual or group’s activity. And data privacy refers to the ability and rights to control your data, limit who can see it, and how it can be used.
This map is not exhaustive and it excludes cyber-security companies primarily concerned with preventing hacks rather than enabling more control and insightful leverage of data. I’ve also mostly excluded blockchain ventures since they mostly prioritise openness and public ledgers. Nonetheless, the map provides an overview of the vibrant activity in privacy tech.
Opportunities for Startups and Investors
There are 3 broad areas that relate to data privacy where startup and investment activity has been growing.
1. Consumer Liberty — This group includes the “Personal Data Economy” (enables consumers to profit from their data), “Privacy Assistants” (gives users access to privacy controls and/or the ability to aggregate data for personal insight), and “Private Communities” (safe online spaces and communities for private group interactions.)
Comment: This area is premature but evolving. 71% of consumers are happy to sacrifice data privacy for convenience. So maybe people just don’t care that much about privacy. But perhaps there’s an opportunity to empower users with insights across their fragmented data. This would require inter-operability and portability of data across digital platforms to drive novel use-cases e.g. imagine an app that allows you to garner aggregated insights from Spotify playlists, travel history, Facebook activity, weather data, and banking transaction history.
2. Regulatory Compliance — This group mostly relates to enterprise platforms that automate data governance and compliance with GDPR and other data privacy laws. For example, OneTrust ($200m raised) helps enterprises automatically map data and meet subject access requests.
Comment: This is a maturing and crowded field. Few opportunities remain here and it’s dominated by the likes of OneTrust and BigID. This category was very popular when GDPR started being enforced. But now that most large businesses have their compliance needs satisfied through tech, and now that firms increasingly have an understanding of what data they hold, there will be opportunities to mine data not just more intelligently but also responsibly.
3. Privacy by Design — This group includes “Data Anonymisation and Synthesis” tools (enables safe data sharing so that insights can be drawn from a larger and richer pool of data — see examples in this FT article) and “Dev Privacy Tools” (tech for developers to create software with privacy by design).
Comment: In my view this is the area with the most untapped potential. We should expect more developer and data science tools that facilitate safe use of data at scale. And if we have successes here, consumer liberty companies are more likely to also flourish.
We might be heading to a post-privacy world for data, given how much of it we are generating and how impractical it will increasingly be to wholly enact data privacy.
However, until society is ready to put in place mechanisms that protect individuals in a post-privacy world, efforts across privacy tech will be worthwhile for at least the next one or two generations.³
¹ Forecasts suggest there will be 44 trillion gigabytes of global data by 2020. This would amount to there being 40x more bytes of data than there are stars in the observable universe!
² Albert Wenger of Union Square Ventures makes a compelling case that technology progress is incompatible with data privacy. I agree with his arguments in part (my previous thinking on it here). This is because, if anything, we are going to be forced into a post-privacy world by, for example, quantum computers, which could be used to retrospectively decipher data that was previously encrypted (see the WSJ article on this here). Furthermore, all your activities in the future will generate so much data that it will be impractical to secure it all.
³ Albert Wenger suggests we will get to a post-privacy world in one or two generations. At first this feels too soon, but actually it’s believable if you accept that technology is developing exponentially and the pace of change in social norms is not linear. (P.S. A generation is around 25 years.)