If I’d gotten a penny for every time somebody in Germany told me that privacy can be a competitive advantage, I’d long be driving a golden Lamborghini. With everything that has happened this year, 2019 might be the year when privacy gets relevant.
Five years have passed, since Edward Snowden revealed how government agencies are systematically undermining our privacy. While the media echo and public outcry were loud at that time, almost nobody changed their behaviour.
Unlike Snowden’s revelations, the privacy scandals of Facebook, Google (and Twitter) of 2018 have touched us as consumers. Whereas, most felt powerless in the face of government ordered spying, we felt personally betrayed by Facebook and Google.
For years, we were happily giving out our data on every aspect of our lives, from friends, interests to actual location for free. We trusted both companies. They weren’t evil. Sure, they used the data for ads, but that’s OK, we’ve told ourselves. Ads are part of the bargain. They’re even part of the user experience.
Trust is a very strong foundation. It’s a heuristic that consumers use in order to reduce and navigate the complexities of the digital world.
Trust is really hard to build. But it can be quickly destroyed.
Use our data to manipulate ourselves? Let others access our data without our consent? Forget to secure our data? In terms, of individual events, all of those are bad. But people forget.
2018 was different, though. Every month brought new breaches, manipulations and unethical behaviour to light.
Twitter had to remove thousands of bot accounts that were used to manipulate voters.
With no bottom in sight, these news were everywhere. We were constantly reminded that Facebook and Google can’t be trusted. Times like these make people start to notice patterns and loose trust. I certainly did.
Germany has the strictest data privacy laws in the world. The law provides guiding principles, such as data minimalism. It means, that any business should collect as little data as possible.
GDPR has brought comparable principles to all of Europe.
Software development principles, such as privacy by design as well as privacy by default emerged out of these laws.
Privacy by design means that systems should be designed with privacy in mind. Technology and systems architecture have the job to facilitate privacy.
Privacy by default means that the default state of any system should be the one, which is best for privacy.
GDPR came into effect in May 2018. This brought a lot of media attention towards privacy all around the world. In Germany, “DSGVO” the German name of GDPR even made rank #8 on Google’s news trends for 2018.
For Facebook and Google, as platforms, providing privacy is a bad business model.
Facebook’s business is driven by the size of their network. Anything that introduces friction to participate in their network, is bad for business.
Allowing users to pay for not being tracked, would economically only start to break even at a price of over 100 USD per US user (35 USD in EU) per year. Most consumers are not willing to pay that kind of money for a service that was always free.
For Google Search, the economics look similar. Access to the demand (searchers), is worth more to advertisers than privacy to users. Moreover, data provides a network effect for the search result, in as much as tracking users provides valuable signals into rankings. This improves the experience for users and drives utility and usage.
Those users who could afford to pay for not being tracked are the ones who are of most interest to advertisers. This creates another incentive against changing their current business model.
While people say that privacy is important, hitherto their actions have demonstrated the opposite.
This seems to change. A quick look on Google Trends confirms that the bad news surrounding Facebook had an effect. Searches for “deactivate facebook” peaked in June 2018. For Google, though, business is still largely as usual.
Google Trends results for “deactivate facebook” and “close google” since 2016 - Source
Maybe, people don’t search for Google Search alternatives. They just switch.
After all, the switching cost are much lower in search than in social networking. The next search engine is just one click away.
For years, DuckDuckGo positioned itself as a privacy-focused alternative to Google. I have selected it as my default search engine this year. And I wasn’t the only one.
30 Day Average Search Queries on DuckDuckGo - Source
Daily Direct 30 Day Average Searches on DuckDuckGo grew from 19m in December 2017 to an impressive 31m in December 2018.
Let’s look at another example: Email. Everybody uses email. People came online in order to use email.
Snowden revealed how our email communication is being accessed, monitored and analysed in 2013. He also urged people to start encrypting their email communication, in order to make it harder to intercept. There are several ways to encrypt email. One of the most common ways is called OpenPGP.
The following graph shows the development of the total number of PGP keys as a proxy for usage.
Number of total OpenPGP keys by day - Source
We clearly see that Snowden’s revelations had an effect on the usage of PGP in 2013. Interestingly, there is also another spike in 2018. This confirms that adoption has increased as a reaction to the recent privacy scandals.
To summarise where we stand:
- Incumbents’ business models are aligned against providing privacy.
- Scandals and increased scrutiny of their use of our data undermine trust.
- Laws and regulations have the goal of strengthening data privacy for consumers.
In terms of trends, it seems that we have indeed arrived at a place where a focus on privacy could provide a relevant, easy to understand and valuable differentiation.
But where might be an ideal starting point for a privacy-focused service?
Quitting Facebook, has become a sort of Meme on Twitter. But is that really a good starting point?
I would propose three opportunity spaces for privacy-first companies.
Users of these products don’t directly benefit from sharing their data. These services don’t improve as a result of having access to private user data. An example are utility products, such as storage or hosting.
The value of privacy may be high, because of the type of data or context where services are used. However, this opportunity space can be much trickier than the first one. As we have seen, the value of data stored in Facebook is high, but it is much higher for the service and network effects make quitting so hard.
Successful examples in this space are privacy-focused messaging alternatives. In 2018, we have seen huge support for secure messaging apps Telegram and Signal. Privacy-focused mail services, such as Posteo or ProtonMail have also grown considerably. This is especially important, as these services demonstrate that consumers are willing to pay for privacy!
The third opportunity space is occupied by companies building tools, infrastructure and enabling technologies that allow to build and run privacy-focused applications. Anonymization, encryption, compliance and usability still provide relevant challenges for organizations that want to offer privacy-first services while still benefiting from things such as analytics.
In 2018, I have adopted and started paying for privacy-focused alternatives to the “free” services I had used before. I believe that we will see more adoption and better privacy-first services in the future.
Starting this year, privacy is becoming a viable niche.
Feature photo by Paweł Czerwiński on Unsplash
Every 1-2 months, I ship short snippets along with news I found insightful, plus any new essay directly to your doorstep (inbox). Subscribe! It'll help you figure out what's going on now and what will happen next.