Sector Home
Digital Privacy Tools
New data privacy regulations have opened up space for a new wave of compliance-focused startups.
Overview
Digital privacy has become more than just a compliance exercise
Digital privacy broadly refers to the use of internet and connected services without compromising personally identifiable and sensitive data. As at January 2020, the internet had 4.5 billion users, representing 59% of the global population. Digital platforms and applications have become alternatives to previously in-person activities like banking, shopping, socializing, and networking. The proliferation of internet-based services in our daily lives creates a constant flow of sensitive information from the user to these services, which has inspired regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to emerge to protect consumer privacy.
Industry Updates
Osano introduces industry’s first “No Fines, No Penalties” pledge and announces USD 11 million in Series A1 funding
OneTrust acquires Tugboat Logic to automate security assurance and certification
Ketch raises USD 20 million in Series A1 funding
Market Sizing
The market for compliance and privacy management tools in the US is estimated to reach USD 3.6-6.7 billion by 2025
USD 3.6 Bn
USD 5.2 Bn
USD 6.7 Bn
COVID-19 IMPACT
-
Covid-driven digital transformation has increased demand for solutions that enable remote collaboration and secure access to sensitive data all while remaining compliant with relevant regulations.
-
Very Good Security doubled its customer base and increased the volume of data it handled by tenfold.
-
Tonic saw its revenue increase by 600% in 2020 with Harbr also reporting a rapid increase in demand.
-
-
Online retail sales grew by over 32% during the first nine months of 2020, resulting in higher volumes of user data passed on to online retailers.
-
Authorities indicate that existing regulations (such as the GDPR and CCPA) will continue uninterrupted. In an unexpected move, Brazil reversed its decision to postpone implementation of its privacy regulations.
-
Privacy concerns have deterred mass adoption of contact tracing technology, which have allowed some governments to track and curb the spread of the Covid-19 virus.
Market Mapping
The digital privacy space includes companies which cater to both enterprises and end consumers. Most of the companies offering solutions to enterprises are in the business of providing solutions to comply with regulations such as the GDPR and CCPA, with several other companies offering solutions to collaborate on, store, and carry out data processing on sensitive information without compromising privacy.
The industry has seen a hike in the number of new startups, with close to 60% of the startups founded after 2016 and more than two-thirds currently in the early/growth stage. This increase is driven by the emergence of the GDPR and other regulations that have followed. The disruptors offer a wide range of patented and AI-based solutions to support organizations across various areas of privacy compliance and have seen their revenues grow significantly over the last three years. In September 2020, Inc. magazine named OneTrust the fastest growing company in the US, recording revenue growth of more than 48,000% from 2016 to 2019 and reaching USD 70 million revenue in 2019. OneTrust was also the highest valued disruptor, with its last funding round in April 2021 placing a value of USD 5.3 billion on the company.
The incumbents largely include IT consulting giants that have ventured into this space through a mix of in-house development and acquisitions.
Compliance and privacy management infrastructure
?Privacy-preserving collaboration
?Privacy-preserving data processing
?Data governance platforms
?Data storage solutions
?B2C tools
?The Disruptors
The disruptors for compliance solutions largely include companies that were founded after 2016, in line with the emergence of the GDPR and other privacy regulations. These companies are pure-play privacy solution providers, unlike most of the incumbents, and provide a solution/platform that leverages technologies such as AI and machine learning algorithms to automate tasks related to privacy compliance.
Disruptors are also offering privacy-preserving solutions for companies to manage, access, share, and process sensitive data without compromising privacy. For enterprises that do not want to maintain their own compliant storage infrastructure, disruptors are also offering data storage solutions that come equipped with enough protection to comply with privacy regulations and other data residency requirements.
Lastly, the disruptors in the business-to-consumer (B2C) space provide applications that end-users can sign up and use to enhance their privacy online. Some companies in this section already provide a similar product for enterprises. The single-user version for consumers is provided for free or a nominal charge.
Compliance and privacy management infrastructure
?Disruptors
OneTrust
BigID
Securiti
Privacera
WireWheel.io
Sourcepoint
Ketch
DataWallet
DataGrail
Odaseva
Relyance AI
Okera
Transcend
Usercentrics
Ethyca
DataGuard
TerraTrue
1touch.io
Aptible
Watchlist
Osano
RADAR
Manetu
ShardSecure
Heureka Software
CyberSaint Security
PrivacyCheq
Cavelo
RIVN
MENTIS
Clarip
Ardent Privacy
Preclusio
Truyo
NiX Software
Gamma Networks
CENTRL
BreachRx
Canopy Software
Control.My.ID
SixFifty
SecuPi
oneDPO
GDPRSimple
SafeGuard Privacy
Privacy-preserving collaboration
?Disruptors
Privitar
InfoSum
Virtru
Harbr
Zivver
Tresorit
Theta Lake
ProtonMail
Watchlist
TripleBlind
Sotero
StrongSalt
Privapp
MENTIS
HighSide
Halo Privacy
XcooBee
DocEx
Privacy-preserving data processing
?Disruptors
Privitar
InfoSum
Okera
Cape Privacy
Gretel.ai
Anonos
Tonic
Opaque
Watchlist
Borneo
SkyPoint Cloud
Manetu
Privacy Dynamics
Private AI
Glimpse Protocol
Aircloak
Datavillage
Cufflink
FortifID
Statice
IOR Analytics
Semele Data
Data governance platforms
?Disruptors
Immuta
Privitar
Odaseva
Okera
PHEMI Systems
Watchlist
Borneo
Sotero
eXate
MENTIS
HighSide
IOR Analytics
ENGAIZ
Data storage solutions
?Disruptors
Very Good Security
InCountry
Skyflow
Inrupt
Watchlist
StrongSalt
HighSide
Halo Privacy
XcooBee
B2C tools
?Disruptors
DuckDuckGo
Brave
Xayn
Anonyome Labs
The @ Company
AutoGraph
Mine
ProtonMail
Watchlist
Abine
Purism
Keepsafe
Disconnect
Helm
TrackOFF
Winston Privacy
Cufflink
Clarip
Privatext
Puma Browser
Presence Global
Rita Personal Data
JoinPrivacy
Privsee
OneTrust
OneTrust provides compliance solutions that leverage AI tools and automation across all areas of privacy compliance. OneTrust Athena, the company’s AI-powered solution, provides automation in the areas of data discovery, data subject rights management, consent management (with a user-facing preference center for greater control), data protection impact assessments, third-party risk management, incident response reporting, and monitoring. The company also provides regulatory research software that companies can use to train staff and even benchmark their own privacy programs. The company’s Government Records Request Automation solution helps government organizations intake requests, automate data discovery and redaction, and provide a secure two-way communication portal that demonstrates compliance with FOIA, PRR, and the Privacy Act.
OneTrust has strengthened its position in the digital privacy space through several acquisitions in recent years. In March 2021, OneTrust acquired DocuVision, an AI-powered data redaction platform to bolster its data subject rights capabilities through automatic redaction of non-relevant sensitive information. During the same month, OneTrust acquired Convercent to enhance its platform through advanced ethics and compliance capabilities, and helpline and disclosure management. OneTrust acquired the security assurance and certification platform Tugboat Logic in September 2021, to automate its InfoSec assurance and certification processes. Other notable acquisitions include Privacy Core e-learning, DataGuidance, and Integris Software.
In September 2020, OneTrust was named the fastest-growing privately held company in America, with revenue growth of more than 48,000% over three years. In addition to the US, OneTrust also operates in the UK, France, Germany, India, Hong Kong, Thailand, and Australia. The company employs 2,000 people, serves more than 10,000 customers (including half of the Fortune Global 500 companies), and its solutions are backed by 150 patents, as of September 2021.
In December 2020, OneTrust raised USD 300 million in Series C funding at a valuation of USD 5.1 billion, almost doubling in value from its previous round in February 2020. The investment was led by TCV, with participation from OneTrust's existing investors, Insight Partners and Coatue. This preemptive funding round is expected to be spent on research and development as well as expanding its sales, marketing, and engineering teams worldwide. In April 2021, the Series C round was extended by another USD 210 million in Series C1 funding from SoftBank Vision Fund and Franklin Templeton, bringing its valuation to USD 5.3 billion. The company expects to use SoftBank’s backing to cement a geographical position in Japan.
- Segment:
- Compliance and privacy management infrastructure
- Total funding:
- USD 920.0 million
- Competitors:
- BigID, SECURITI.ai, Transcend, Okera, WireWheel.io
Disruptor Funding History
Compliance and privacy management infrastructure:
OneTrust
BigID
Securiti
Privacera
WireWheel.io
Sourcepoint
Ketch
DataWallet
DataGrail
Odaseva
Relyance AI
Okera
Transcend
Usercentrics
Ethyca
DataGuard
TerraTrue
1touch.io
Aptible
Osano
RADAR
Manetu
ShardSecure
Heureka Software
CyberSaint Security
PrivacyCheq
Cavelo
RIVN
MENTIS
Clarip
Ardent Privacy
PreclusioPrivacy-preserving collaboration:
Privitar
InfoSum
Virtru
Harbr
Zivver
Tresorit
Theta Lake
ProtonMail
TripleBlind
Sotero
StrongSalt
PrivappMENTISPrivacy-preserving data processing:
The Incumbents
The incumbents in this space include established companies such as TrustArc and Ensighten which were already operating in the digital privacy space, and companies such as Accenture, IBM, and other technology consulting giants that have expanded offerings to provide compliance related services either internally or through acquisition. Each incumbent here provides their own variant of a platform/solution for organizations to achieve compliance with privacy regulations. Incumbents have working partnerships with other companies (including disruptors) in the space.
In-house development
Acquisition
TrustArc
Ensighten
Accenture
Cognizant Technology Solutions
Larsen & Toubro Infotech
Wipro Technologies
IBM
Informatica
Crownpeak Technology
Twilio (Segment)
AWS (Wickr)
Mozilla Corporation
LiveRamp
Swiss Post
Lithic (Privacy.com)TrustArc
TrustArc Inc. started in 1997 as TRUSTe, a non-profit organization that provides privacy certifications for websites, mobile apps, and the cloud. In 2008, the company converted into a for-profit entity, raising capital from Accel Partners. The company started providing privacy management tools in 2010. Almost a decade later, capability was added to the platform to simplify compliance management with GDPR, CCPA, and other regulations. The company acquired Nymity Inc. in 2019. Nymity offered privacy compliance solutions in Canada and the EU. Through this acquisition, TrustArc expects to increase its global footprint by 50%.
The company’s platform uses machine learning techniques to automate and manage all phases of privacy compliance, including data discovery, identification of compliance gaps, third-party risk management, carrying out data protection impact assessments, automating consent, data subject rights management, and reporting. The company serviced more than 1,000 clients as of 2019. The company also provides consultancy services, training, and TRUSTe privacy certifications.
