If I’d gotten a penny for every time somebody in Germany told me that privacy can be a competitive advantage, I’d long be driving a golden Lamborghini. With everything that has happened this year, 2019 might be the year when privacy gets relevant.
2013: The first wake up call
Five years have passed, since Edward Snowden revealed how government agencies are systematically undermining our privacy. While the media echo and public outcry were loud at that time, almost nobody changed their behavior.
2018 was different
Unlike Snowden’s revelations, the privacy scandals of Facebook, Google (and Twitter) of 2018 have touched us as consumers. Whereas, most felt powerless in the face of government ordered spying, we felt personally betrayed by Facebook and Google.
For years, we were happy with giving out our data on every aspect of our lives, from friends, interests to actual location for free. We trusted both companies. They weren’t evil. Sure, they used the data for ads, but that’s OK, we told ourselves. Ads are part of the bargain. They’re even part of the user experience.
Trust is a very strong foundation. It’s a heuristic that consumers use in order to reduce and navigate the complexities of the digital world.
Trust is really hard to build. But it can be quickly destroyed.
Use our data to manipulate ourselves? Let others access our data without our consent? Forget to secure our data? In terms, of individual events, all of those are bad. But people forget.
2018 was different, though. Every month brought new breaches, manipulations and unethical behavior to light.
Facebook lead with the Cambridge Analytica breach, people realizing what off-site user tracking actually means, privacy bugs and sharing user data without consent. Google offered similar examples, in forms of data breaches, data access or profiling. Twitter had to remove thousands of bot accounts that were used to manipulate voters.
With no bottom in sight, these news were everywhere. We were constantly reminded that Facebook and Google can’t be trusted. Times like these make people start to notice patterns and loose trust. I certainly did.
Privacy principles and laws catch up
Germany has the strictest data privacy laws in the world. The law provides guiding principles, such as data minimalism. It means, that any business should collect as little data as possible.
GDPR has brought comparable principles to all of Europe.
Software development principles, such as privacy by design as well as privacy by default emerge out of these laws.
Privacy by design means that systems should be designed with privacy in mind. Technology and systems architecture have the job to facilitate privacy.
Privacy by default means that the default state of any system should be the one, which is best for privacy.
GDPR came into effect in May 2018. This brought a lot of media attention towards privacy all around the world. In Germany, “DSGVO” the German name of GDPR even made rank #8 on Google’s news trends for 2018.
Incumbents business is aligned against providing privacy
For Facebook and Google, as platforms, providing privacy is a bad business model.
Facebook’s business is driven by the size of their network. Anything that introduces friction to participate in their network, is bad for business.
Allowing users to pay for not being tracked, would economically only start to break even at a price of over 100 USD per US user (35 USD in EU) per year. Most consumers are not willing to pay that kind of money for a service that was always free.
For Google Search, the economics look similar. Access to the demand (searchers), is more worth to advertisers than privacy to users. Moreover, data provides a network effect for the search result, in as much as tracking users provides valuable signals into rankings. This improves the experience of users and drives utility and usage.
Moreover, those users who could afford to pay for not being tracked are the ones who are of most interest to advertisers. This creates another incentive against changing their current business model.
Anecdotal data shows growing adoption of privacy-focused alternatives and tools
While people say that privacy is important, hitherto their actions have demonstrated the opposite.
This seems to change. A quick look on Google Trends confirms that the bad news surrounding Facebook had an effect. Searches for “deactivate facebook” peaked in June 2018. For Google, though, business is still largely as usual.
Maybe, people don’t search for Google Search alternatives. They just switch. After all, the switching cost are much lower in search than in social networking. The next search engine is just one click away.
For years, DuckDuckGo positioned itself as a privacy-focused alternative to Google. I have selected it as my default search engine this year. And I wasn’t the only one.
Daily Direct 30 Day Average Searches on DuckDuckGo grew from 19m in December 2017 to an impressive 31m in December 2018.
Let’s look at another example: Email. Everybody uses email. People came online in order to use email.
Snowden revealed how our email communication is being accessed, monitored and analyzed in 2013. He also urged people to start encrypting their email communication, in order to make it harder to intercept. There are several ways to encrypt email. One of the most common ways is called OpenPGP.
The following graph shows the development of the total number of PGP keys as a proxy for usage.
We clearly see that Snowden’s revelations had an effect on the usage of PGP in 2013. Interestingly, there is also another spike in 2018. This confirms that adoption increases as a reaction to privacy scandals.
Privacy will become a viable niche
To summarize where we stand:
- Incumbents’ business models are aligned against providing privacy.
- Scandals and increased scrutiny of their use of our data undermine trust.
- Laws and regulations have the goal of strengthening data privacy for consumers.
In terms of trends, it seems that we have indeed arrived at a place where a focus on privacy could provide a relevant, easy to understand and valuable differentiation. But where might be an ideal starting point for a privacy-focused service?
I would propose three opportunity spaces for privacy-first companies.
Products, where private data provides low utility
Users of these products don’t directly benefit from sharing their data. These services don’t improve as a result of having access to private user data. An example are utility products, such as storage or hosting.
Value of privacy is high to the consumer
The value of privacy may be high, because of the type of data or context where services are used. However, this opportunity space can be much trickier than the first one. As we have seen, the value of data stored in Facebook is high, but it is much higher for the service and network effects make quitting so hard.
Successful examples in this space are privacy-focused messaging alternatives. In 2018, we have seen huge support for secure messaging apps Telegram and Signal. Privacy-focused mail services, such as Posteo or ProtonMail have also grown considerably. This is especially important, as these services demonstrate that consumers are willing to pay for privacy!
Technologies enabling privacy-focused applications
The third opportunity space is occupied by companies building tools, infrastructure and enabling technologies that allow to build and run privacy-focused applications. Anonymization, encryption, compliance and usability still provide relevant challenges for organizations that want to offer privacy-first services while still benefiting from things such as analytics.
In 2018, I have adopted and started paying for privacy-focused alternatives to the “free” services I had used before. I believe that we will see more adoption and better privacy-first services in the future.
Starting this year, privacy is becoming a viable niche.