The convergence of an exploding startup scene, rising internet usage in the second most populous nation in the world, and a people facing serious privacy challenges, has created a unique opportunity for Indian startups to tackle the issue of privacy in a way Silicon Valley has failed to do.
The Indian Startup Scene
The Indian startup scene is no longer a secret known only to forward thinking investors. The scene has undeniably arrived.
Falling smartphone and bandwidth costs throughout the 2010s has made the explosion in tech startups possible. Some Indian startups are also at a point of maturity and scale where their early employees are taking that experience and knowledge to found or help further other smaller startups. This is the same model Silicon Valley used to create a concentrated hot bed of entrepreneurship and innovation. Indian tech hubs also have an incredible asset where the number of software developers is far greater than what’s available in other cities such as the UK, for example.
Even while facing global economic uncertainty, last year saw the biggest ever investment in Indian startups with Bain counting $10 billion invested throughout 2019. After high-profile exits for investors, such as Flipkart, MakeMyTrip and Oyo, Indian startups are attracting big VC money. At the same time the new upstarts are attracting attention with Bikayi, Decentro, Farmako Healthcare and MedPiper Technologies, making waves in August at a Y Combinator 2-day demo.
India’s startup scene is also not only fuelled by investment and tech talent, but a population of 1.38 billion people that are increasingly coming online in their millions each year. Already, India represents the second largest online market with 560 million internet users. It is project that India will have 974.8 million internet users by 2025.
The Problem of Privacy in India Today
Aadhaar is India’s Biometric Identification system that takes photographs, finger prints and iris scans. This biometric data is linked to a unique 12 digit ID number. As of 4 December 2020, over 1.27 billion people have an Aadhaar number, which is more than 99% of the Indian adult population.
While the objective of the system is to streamline government services and eliminate corruption that has plagued social payment schemes, it also represents a massive opportunity for hackers and state-sponsored privacy abuses. It is believed that the Aadhaar system may have already leaked the details of 135 million Indians.
News of data breaches and abuses of privacy have been worryingly common in recent years. India suffered many astonishing data breaches in 2019, including 600m Facebook passwords stored in plain text, personal healthcare data from 6.8m people leaked, and 1.3m credit card numbers from India’s largest bank stolen. In 2020, Delhi police were reported using drones and Automated Facial Recognition Software (AFRS) to track protestors. This year also saw how with a basic phishing attack hackers were able to gain access to the serves of India’s largest nuclear power plant.
Indian businesses are also operating at a dangerous crossroads in terms of privacy: increasingly aware of the value and the possibilities to monetise data, while at the same time inadequately securing the data they collect. According to the Dell Global Data Protection Index 2018, 47% of Indians companies are willing to monetise the data they collect, and a massive 71% report not having access to the necessary data protection tools. We also have the arrival of 5G coming in 2020, and with faster internet means faster data theft, leaving organisations at risk of not being able to identify attacks at the necessary speed.
Against this backdrop, the 2019 Personal Data Protection Bill is still working its way through the Indian parliament. It aims to protect individual’s data and calls for the localisation of data, but worryingly for privacy advocates it gives the national government free rein in the case of ‘national security’.
With all this considered, it’s may not be surprising to read that India is arguably the most privacy aware nation in the world. In 2019, India was ranked the most aware nation regarding their country’s data protection and privacy rules, with 18% of the population very aware and another 42% somewhat aware. I have also seen anecdotal evidence of this when Akord launched a free encrypted file transfer service. India represented by far the largest source of traffic and users.
Silicon Valley is Forever Playing Privacy Catchup
The giants of Silicon Valley paved the way for advertising-based revenue models within the tech industry. Models that harvested data and trampled over users privacy in the pursuit of maximising profit.
Right now we see the consequences of a backlash to these models and the growing awareness around online privacy issues. With recent headlines such as, “Silicon Valley at war over privacy”, we see how certain tech companies like Apple are realising that privacy is a big concern for their users. Apple and starting to build their products with ever more features designed to protect that right. And in the process they are antagonising the other big players who cannot divorce themselves from a revenue machine that is wedded to data extraction and manipulation at a global scale.
At the government level, the US and Europe are implementing extensive regulations, like GDPR in Europe and CCPA in California, to respond to privacy threats and protect personal data. Within the market, businesses have responded by providing privacy-first solutions to most of big tech’s ubiquitous products. Examples include, Duck Duck Go and Ecosia internet search engines, Brave and Tor web browsers, Signal and Telegram messaging services, Protonmail and Tutanota email, Sync and Tresorit data storage, and Simple Analytics and Fathom within the web analytics space.
Despite desperate efforts by some such as Facebook who are scrambling to present themselves as pro-privacy, Silicon Valley has already lost the credibility war that is arguably as important as the technology when it comes to the privacy concerns of individuals. It is practically impossible for these companies who rely so heavily on data and an advertising revenue to reverse engineer privacy. It is antithetical to the way they make money and their, now deeply ingrained, company cultures.
An Unparalleled Opportunity for Indian Startups
With the startup scene and privacy landscape, such as we’ve outlined above, the stage is set for Indian startups to step in and capitalise on a unique set of conditions to protect privacy in a way Silicon Valley has been unable to do.
As the privacy-focused software mentioned above has proven already there is a profitable business model driven directly from making privacy the central value proposition of your product. And in India the awareness around privacy and growing online market is currently unmatched anywhere in the world.
It is my belief that Indian startups are now presented with a one-off opportunity to build an ecosystem built upon privacy-by-design principles. Startups at fast-growing tech hubs like Hyderabad, Bangalore and Mumbai could soon emerge demonstrating new and innovative ways to protect privacy at scale, while simultaneously driving wealth generation and delivering new products and services to the marketplace.
Encouragingly, I believe it is not even necessary for the majority of startups to adopt a privacy-first perspective in their product development in order to tip the scale. All that is needed is a stubborn minority that refuse to sacrifice privacy, and thereby drag along a more flexible majority to adopting their principles. This effect is called the Minority Rule, as documented by Nassim Taleb:
“It suffices for an intransigent minority — a certain type of intransigent minorities — to reach a minutely small level, say three or four percent of the total population, for the entire population to have to submit to their preferences… The minority rule will show us how all it takes is a small number of intolerant virtuous people with skin in the game, in the form of courage, for society to function properly.”
~ The Most Intolerant Wins: The Dictatorship of the Small Minority
Taleb gives the example of the UK where only 3–4% of the population are practising Muslims, but much of the meat is halal: “A Kosher (or halal) eater will never eat nonkosher (or nonhalal) food, but a nonkosher eater isn’t banned from eating kosher.”
If we apply this idea to the subject of privacy we can imagine how only a small percentage of stubborn, virtuous startups (or people within a startup for that matter) are needed to champion privacy in order to control the narrative and direction for the whole eco-system. Once that minority pushes privacy to the forefront of their agenda and refuses to compromise on it, then everyone interacting with them is forced to adopt their values.
In a nation where privacy is such a big issue, it’s easy to imagine how this minority could create the dynamics where any company not protecting privacy will be exposed and overtaken by competitors offering the same services but with privacy protections. Indeed, we can easily see how a race to the top could emerge, with the competitive edge being defined by those who are able to best demonstrate their privacy credentials and ethics more generally.
Already we see the first promising signs of startups that could form the beginning of this movement: Letter is a ‘privacy-oriented email provider’, Forpose is ‘India’s first privacy enabled social networking app’, and Say Namaste the video conferencing tool that focuses on security and privacy.
Hopefully this is just the beginning, but only time will tell if startups from places like Hyderabad and Bangalore will be able to succeed where Silicon Valley failed in protecting privacy. Maybe in the not so distant future we will refer to an Indian valley (another resource the subcontinent is in plentiful supply of) when referring to exciting new tech startups.