Takeaways from the inaugural The Rise of Privacy Tech Virtual Summit
We held the inaugural The Rise of Privacy Tech Virtual Summit on June 24, 2020, and brought together privacy tech innovators, investors, experts, and advocates. Because many have asked, we are sharing our takeaways from the event.
The Summit agenda was carefully curated to serve the needs of privacy tech founders, investors, and advisors. We incorporated plenty of networking time to facilitate connections between founders, investors, advisors, potential customers, and privacy product advocates, beginning with a welcome reception, some 1:1 networking, and interactive roundtables.
We kicked off the event with a brief welcome message to the attendees, sharing our perspective on the rising privacy tech landscape; the key indicators of its rise; and the challenges that founders, investors, and expert advisors face in navigating this nascent field.
We had 4 main panels that addressed major challenges: fundraising and investing in privacy tech; avoiding privacy, legal, and policy pitfalls in navigating privacy tech; privacy engineering’s role in privacy tech; and privacy communications and PR. We also conducted interactive roundtables where attendees engaged in discussions on consumer privacy tech, tools that privacy pros wish existed, online privacy tools, and privacy communications and PR.
Panel 1 Takeaways: Fundraising & Investing in the Privacy Tech Landscape
Our first panel addressed the challenges of fundraising and investing in privacy tech. The fundraising and investing in privacy tech panel featured privacy tech investors, Jesus Salas (Omidyar Network Investor) and Mary D’Onofrio (Bessemer Venture Partner VP & Growth Investor) and privacy tech founders, Jason du Preez (Privitar CEO), Ben Brook (Transcend CEO), moderated by our founder, Lourdes M. Turrecha. Some takeaways are as follows:
Privacy debt is the new technical debt
Mary D’Onofrio shared Bessemer’s investment thesis on privacy tech, which can be summarized as “privacy debt is the new technical debt.” They see privacy tech addressing how to collect, safely store, and ethically use data. Bessemer’s Data Privacy Stack is illustrated in the following image:
Privacy tech is responsible tech
Jesus Salas shared a slightly different take on privacy tech, “We see privacy tech as a way to respect freedoms and, thus, is a category of responsible technology.” From his experience and own research, he sees privacy tech as covering encryption technology, biometrics and identity protection, data management and compliance, and privacy enhancing technologies (PETs) like differential privacy.
Privacy tech can help solve the complex data rights matrix
Jason du Preez noted that we need to acknowledge that individuals have a right over their data, but arguably so may other groups like society, bringing up the context of COVID-19. Jason posited, “If we want to effectively use data sets while respecting the data subject, how do we enable that data use while effectively protecting it? He sees a large part of the privacy tech landscape focusing on this problem, leveraging tools such as differential privacy.
Privacy tech is moving from compliance dashboards to engineering and data science tools
Ben Brook shared his observation on how privacy tech historically solved for the project management and workflow pains of legal and privacy offices. But because modern privacy laws like GDPR and CCPA also include demands from product and engineering teams, he believes that the new guard of privacy tech companies will build for both lawyers and engineers.
While privacy tech is largely B2B at this time, enterprise privacy tools can help improve consumer privacy
While consumer demand for privacy is increasing and more consumer privacy tech startups are popping up and getting funded, most privacy tech companies today remain in the B2B space. Ben Brook believes that B2B privacy tech companies will have a huge impact on how consumer privacy works, “Whether users will truly get better privacy is going to depend on B2B startups making it easy for their customer companies to offer more transparency and controls to users.” As companies mature their backend privacy infrastructure and improve their user-friendly privacy practices, we see advancements in consumer privacy tech too.
Panel 2 Takeaways: Navigating the Privacy Tech Landscape to Avoid Privacy, Legal, and Policy Pitfalls
Drawing from decades of experience working on privacy problems, leading privacy experts, Jules Polonetsky (The Future of Privacy Forum CEO & Israel Tech Policy Institute’s cofounder), Fatima Khan (Okta, Inc, Senior Corporate Counsel – Product and Privacy), Hilary Wandall (TrustArc SVP of Intelligence and GC), and Andy Roth (Privacy.com cofounder & Intuit CPO) shared their perspectives on how founders and investors can navigate the privacy tech landscape to avoid privacy, legal, and policy pitfalls.
Privacy is a highly regulated area that applies to privacy tech startups
Jules Polonetsky made the point about how privacy is a complex and highly regulated area. The speakers shared their perspective on how technology can help build solutions despite the complexity and regulation.
As a leader in one of the early privacy compliance companies, Hilary Wandall shared one of her goals: to take all the complexity and design technology that can simplify the way privacy requirements are presented. She cautioned founders to keep in mind the following legal risk that many privacy compliance tech startups unknowingly inflict upon themselves: claiming that their technology can certify compliance or provide privacy legal advice.
Along the same lines, Fatima Khan agreed that privacy tech startups shouldn’t be telling companies that their product complies with privacy laws, noting that these statements might work with unsophisticated buyers who are just trying to solve for checkbox compliance, but not with experienced privacy practitioners, who get turned off by such statements.
Privacy tech needs to go beyond privacy law limitations
Andy Roth shared how his current company ended up building a lot of proprietary tools for their privacy program because they needed something that goes beyond privacy compliance. He believes that one of biggest pitfall is getting caught up in the esoteric nature of privacy law. Instead, companies should invest in solutions that scale. This means building beyond what privacy laws like GDPR and CCPA specifically require.
Fatima advised privacy tech founders to build their products with plenty of choice and configuration. These are currently not available with many privacy products. She believes that there needs to be a shift in how privacy products are built from limited privacy law compliance, to user empowerment.
Privacy tech can help safeguard fundamental human rights
Jules pointed out that privacy involves fundamental human rights, launching a discussion on how privacy tech founders can and should acknowledge this in building their tools.
Hilary thinks that one way to acknowledge privacy’s fundamental rights aspect is by building tools that go beyond mere automation—tools that enable, instead, the balancing of societal benefits against risks. She noted how privacy is an area where risk has not been well understood or defined. The ethics of managing data effectively requires understanding data subject interests, company interests, and broader societal interests, and then balancing the risks and benefits in objective and subjective ways. She believes that there is a need for tech that helps support this understanding and balancing of privacy risks, not in a black and white way, but rather in a grey and nuanced way, thereby enabling scalability.
Panel 3 Takeaways: Privacy Tech & Privacy Engineering from the COVID-19 Use Case
In panel 3, we explored the role of privacy engineering in the privacy tech landscape, from the COVID-19 use case with Michelle Finneran Dennedy (DrumWave CEO), Lorrie Cranor (Carnegie Mellon University Cylab Director), Davi Ottenheimer (Inrupt Inc.’s VP of Trust and Digital Ethics), and our own founder, Lourdes M. Turrecha. Some of our takeaways are as follows:
Privacy tech startups need to practice comprehensive privacy engineering
Lorrie Cranor pointed out how when COVID-19 started, there was a lot of hope that tech will save us from the pandemic. However, we’ve ending up with tech that’s neither effective nor privacy-preserving. She advised founders to think of privacy engineering in all of its facets, not just from the technology side, but also considering the policy, law, and human sides. Founders need to be able to explain to people how their information is going to be used and build meaningful consent experiences. They need to think about how humans actually interact with their tools.
Privacy tech startups need to conduct scoping workshops
When asked what engineering mistakes less promising COVID-19 tools have made, Michelle shared that it all starts with not having a scoping workshop. Developers need to understand what their system is supposed to do. Privacy engineering scoping workshops help address a tool’s efficacy and privacy problems.
Privacy tech founders need to think of the long game
Davi made the important point that founders will have to come to terms with the fact that in the competitive landscape, the worst abusers of privacy have done very well. While this is frustrating, founders need to think of the long game. He believes that there will be reckoning and these abusers will ultimately be taken down. He encouraged founders to not be discouraged, to think of the long game, and to try to do the right thing.
Session 4 Takeaways: Privacy Communications & PR Workshop
Discernible CEO, Melanie Ensign, conducted a privacy communications and PR bootcamp for privacy tech founders and investors. She shared common communications pitfalls that we’ve seen some founders and investors make when first entering the privacy tech landscape, such as conflating privacy with security. She educated founders and investors on how they can avoid self-inflicted privacy communications risks, using specific stories from her previous roles.
The following are some important privacy communications and PR takeaways from her workshop:
Strategic communications build mutually beneficial relationships between organizations and their stakeholders.
Privacy tech founders should start with business goals and articulate the challenges they need to overcome as well as the opportunities they need to create in order to achieve them.
Founders should focus on outcomes by measuring output on its ability to impact those specific business challenges and opportunities. Press coverage is an output, not an outcome.
Founders and investors shouldn’t waste resources screaming into the void.
Our Gratitude to the TROPT Community
We wouldn’t have had a successful event if it weren’t for our advisors, speakers, sponsors, and attendees.
We thank our speakers who agreed to share their valuable time and insights with the Summit attendees: Mary D’Onofrio, Jesus Salas, Jason du Preez, Ben Brook, Fatima Khan, Hilary Wandall, Jules Polonetsky, Andy Roth, Michelle Dennedy, Lorrie Cranor, Davi Ottenheimer, and Melanie Ensign.
Many thanks also to our early advisors, Michelle Finneran Dennedy, Melanie Ensign, and Fatima Khan.
And certainly not the least, we are grateful to the community of founders, investors, and experts who came together to share their skills, resources, capital, expertise, and networks to fuel privacy innovation.
The Next Steps in Bridging the Gaps & Fueling Privacy Innovation
We are working closely with our existing advisors on prioritizing what’s next for The Rise of Privacy Tech. We already have some exciting ideas that we’re exploring. But because TROPT is for the privacy tech community, we’d love to continue to hear more directly from you.
What initiatives or projects would you like us to prioritize that can help you solve your pain points as a privacy tech founder, investor, or advisor?
We are also actively searching for experienced founder and investor advisors who share our goal of fueling privacy innovation. If you know of any amazing candidates, please send them our way.
You can reach us through firstname.lastname@example.org.