The Rise of Privacy Tech: Defining the Privacy Tech Landscape 2021
Last month, the Rise of Privacy Tech (TROPT) published their foundational white paper to define and fuel the nascent market of privacy tech. I was a part of the working group that met together over a span of eight months to create this resource for the key players in privacy tech: founders, investors, domain experts, and buyers.
Thanks to the impressive leadership of TROPT CEO Lourdes Turrecha, the white paper pulls together important concepts from privacy pioneers and luminaries, and explores the role of privacy tech throughout data and development lifecycles.
The white paper is available here (without having to provide any personal information to download - leading by example).
Last week, I joined Lourdes for a public discussion about the white paper and to share some of my thoughts about the current state of communications in the privacy tech market. This blog post is a summary of the key takeaways. You can watch the full recording of our conversation here.
Words matter
Creating good websites is really hard. I get it. That’s why I partner with trusted experts when advising clients on the navigation and design of their public sites. What I do know are words and how the privacy community responds to them.
Sadly, the majority of copy on B2B privacy tech websites serve up the exact same flavor of bland alphabet soup no matter what their products actually do. This makes it really hard for the right prospects to find you and understand how you can help them.
From your home page, visitors should be able to immediately discern the following:
The specific privacy tasks or jobs your product handles
What (honestly) sets your technology apart from everyone else (including in-house solutions)
Where it fits in a typical tech stack
Any non-privacy benefits to help secure buy-in from other stakeholders
Additionally, visitors should be able to easily locate the following from your navigation bar:
Technical documentation
Privacy policies and practices (unless you’re one of those privacy tech companies that doesn’t believe in what you sell)
Security certifications and attestations
Think like an ethnographer
Effective communication in any context is not only about knowing the words we use, but also how well we understand the customs and norms of the culture. As the privacy tech community grows and evolves, so does our culture. What was once considered the ugly duckling of legal departments, is now launching a thousand ships inside engineering, data science, and marketing organizations. Organizations are spending significant resources to support the likes of Enigma, SOUPS, and TROPT Data Privacy Week, which bring together cross-functional privacy practitioners. At events like these, you’ll learn which privacy pain points still aren’t being addressed by existing solutions, how technical teams evaluate technical solutions, and how privacy leaders allocate resources.
The best way to get to know the privacy tech community and what makes us tick is to join us in building direct relationships with individuals leading, influencing, and participating in privacy work. This includes engaging with the members of privacy-focused groups like TROPT as well as groups like USENIX whose members are often engaged in privacy tech work even if they don’t identify as privacy professionals.
There is a common assumption among venture capital firms and some privacy tech startups that the growing volume of global privacy regulations will automatically drive demand and adoption for every kind of privacy technology that claims to aid in compliance. This expectation isn’t guaranteed.
First, it ignores the very real ability and preference inside many companies to build their own solutions tailored to their chosen architecture, scale, and flavor of dysfunction. Many vendor marketing strategies are so reliant on the fear of non-compliance that they don’t see how capable their prospects are at identifying and designing their own solutions, and in a fraction of the time it takes to implement some third party solutions. As a third party, your responsibility is to articulate and deliver a compelling value proposition that companies can’t build for themselves. To understand this, you need to dig deeper into understanding privacy in practice.
Second, it ignores the fundamental cross-functional nature of privacy work. The data minefields landscapes inside most organizations are incredibly complex, as are the internal politics that surround them. Marketing privacy tech is not as simple as convincing a legal team to adopt your tool when they don’t have their own engineering resources or ownership over the relevant systems to implement it. Similarly, vendor promises of “automagical” compliance are typically less compelling for technical teams whose primary objective is to ensure a certain standard of performance and reliability for mission-critical operations. If you don’t understand the personalities and incentives your customers have to work with, you don’t understand your customers.
Ultimately, the growth of privacy tech is a net positive for the world. We’ve demonstrated that there is value in protecting individual privacy, not only in exploiting it. But to be successful in the next chapter of this nascent field, startups will need a deeper understanding of how privacy work is done inside organizations in addition to keeping abreast of the latest regulatory requirements. Engaging with the community helps vendors build solutions nimble enough to grow with the profession of privacy and not confine it to checklists.
