A large part of the work we do with data has significant privacy implications. Wael Hassan has been looking at the economics of privacy and data, and shares some of his thoughts with us.

Privacy startups have generally discovered that the market for privacy products is very small. The reality is that most people do not want privacy tools, but rather privacy protection built into the programs and applications they already use. Given this market context, we consider possibilities for a sustainable revenue model for privacy.

The 1990s and early 2000s held many missed opportunities for privacy startups. The tech world was hyped about privacy. A wide range of privacy techniques were developed, from Internet anonymity to privacy-enhanced surfing to encrypted wallets and anonymous payments. Yet there was and still is no money in privacy products. Several startups that developed privacy products failed miserably. This was not a coincidence: it has always been easier to make money distributing data than withholding it. The market for privacy is only starting to pick up as some privacy technologies, such as identity theft protection, are integrated into security products. Other privacy companies have turned to providing services rather than selling products. Zero-Knowledge Systems, one of my previous employers, folded its privacy products and now provides managed security services. PrivaDoc, Privacy in Design, Privada, Nymity and other privacy startups have almost entirely moved into the services space.

Why privacy products will never succeed

My limited understanding of consumer psychology suggests that people pay for products they use. The majority of the population does not want technical tools. They want user-friendly programs or applications that support what they do in their daily lives—work, studies, shopping, socializing, and so on. They do not want privacy tools, but rather privacy-protected surfing or online purchasing, for example. It would not occur to most to buy a separate product—the majority perspective is that privacy should be integrated into the products they actually use.

If most people will not buy technical tools, how do we explain why people pay for plug-ins and add-ons to applications? These consumers are really a very small segment of the population, usually technology-savvy people who know how to install, configure and use these tools. People willing to purchase privacy tools are an even smaller demographic. Historical experience and market knowledge indicate that end-user privacy products are bound to fail.

New ideas for privacy investments

For privacy technologies to succeed, theyneed a sustainable revenue model that does not depend on individual purchases. Privacy developers have found a couple of ways to do this. One is to work with major corporations to integrate privacy features into software and online applications. Another is to offer services such as online security, identity and access management, and de-identification.

One promising area for new investment is content or media privacy—that is, techniques for extracting, masking, or distorting images or video content that identify individuals. Innovations in this area would likely be of interest to corporations such as Google, Microsoft and Oracle.

Governments could also play a role in supporting the development of privacy technologies. A non-profit, publicly governed privacy lab could potentially attract private funding for innovation and drive the development of technologies that support alignment with federal and provincial privacy laws and standards.

What Twitter can teach about privacy investment

The general public’s privacy concerns are voiced loud and clear on Twitter and other online forums. A casual review of privacy-related tweets reveals that physical privacy usually gets more attention than virtual privacy—except when a major corporate or public sector data breach occurs and elicits a flood of complaints and accusations. Consumers will buy laptop screen filters to prevent other people from reading off their screens in public places, but are less likely to be aware of actions they can take to protect their personal digital data. Virtual privacy issues are generally seen to be a responsibility of corporations and government, not individuals.

In summary, from the perspective of the general public, privacy is an expected feature of the products they use, not a separate product to purchase. Privacy developers may need to rethink who their potential clients are and what products are marketable. A sustainable financial model for privacy innovation will focus on large clients rather than individuals, and seek to integrate privacy into commercial technologies rather than developing privacy products.