Over the past 20 years, there has been an increase in concerns and media attention in regards to how companies offering free services go about securing their private information. This is especially true after scandals such as Cambridge Analytica, Twitch, or Robinhood. While many companies publicly claim to "take privacy seriously”, we wanted to determine whether they were actually putting their money where their mouth is. Through our continued partnership with Diffbot, we analyzed the public web using the Diffbot Knowledge Graph to gain insight into how industries are investing into privacy, both from the perspective of company formation and talent development.

We first looked at the amount of venture capital money going into the privacy sector since the year 2000. Over the last two decades, $6.53 billion have been invested into the top 25 best funded privacy companies. The majority was invested into business-to-business (B2B) companies ($5.05 billion). In fact, only seven of those 25 companies are business-to-consumer (B2C) and received $1.48 billion of investment. We saw that the top B2C offerings included private browsing (Anchorfree, Duckduckgo), password managers (1password, Dashlane), online identity networks (id.me), home security devices (Canary), secure messaging apps and crypto wallets (status.im). Investment really took off around 2015.

Another of our findings was that only one of the seven B2C companies had been founded in recent years, and that all others were founded in the early 2000s. The majority of the top B2B companies are generally founded more recently than the B2C companies. The question arises whether the imbalance of B2B/B2C companies indicates that companies are simply investing in privacy to comply with regulations or whether there is a significant trend towards consumer oriented privacy offerings.

We've certainly seen some companies, like Apple, market themselves as a company with good data privacy practices. You can also see in the above graph that there was a significant increase in the rate of investment in 2015, as companies raced to achieve compliance ahead of GDPR, the European Data Protection legislation which came about in 2016. Prior to 2015, the average annual yearly investment in privacy companies was $184 million, and after 2015, it was $1.48 billion, an eightfold increase.

Since then, more countries have passed data privacy laws that regulate how companies are handling consumer data, and investment took off. We have no way of knowing if there is a causal relationship there, but the timing would lead us to believe that investment is related to the increased regulatory scrutiny.

Oddly, there has been a decrease in the amount of privacy focused companies founded since 2017. Does that suggest that the market is saturated with privacy solutions or is there a decrease in the concerns of consumers? It might just be that some companies formed in the last few years haven’t publicly announced themselves yet.

We also analyzed different industries to determine if any were more or less focused on privacy. The industries with the most privacy funding are security software, software as a service (SaaS), telecommunications, and financial technology. (Note that this only includes public funding.)

Another way that we can look at how seriously companies are treating privacy is by how much they have internally invested in headcount to form privacy teams, or teams that work on privacy-related aspects. Overall, the companies with the most privacy workers are mostly in the technology, consulting, and finance sectors.

Big Tech has held their promise and are indeed investing into their privacy workforce. This is especially true of Meta, who publicly vouched to heavily invest into privacy, who has had a steep increase in privacy hiring.

Naturally, we have also seen the numbers of privacy professionals grow overall, attracted to the jobs and perhaps interest in the area. As more privacy companies are founded and more privacy regulations are passed, this was to be expected.

It's possible that the US has the highest number of privacy workers due to population rather than having more privacy focused businesses, as privacy is generally a larger focus in Europe.

It remains to be seen if this will result in the US having better privacy outcomes for its citizens. Considering that it's the home of the Big Tech companies whose businesses rely on collecting data, we tend to think that it's unlikely.