I’ve been a member of ACT | The App Association since it was founded in 1998, and for the most part, I was a typical member: a software developer at a tech company. For the past five years, however, I have been a venture capitalist based in Silicon Valley. It was a major career change – I went from debugging code to evaluating business plans of high-tech startups and investing in the best ones. Venture capitalists spend all of their time meeting the founders of early-stage companies and negotiating cash investments into those companies in exchange for a percentage of ownership in that company. Approximately one in every 10 startups in a venture capitalist’s portfolio succeeds and makes us money. It’s a pretty risky business to be in, but the payoff can be huge.
Investing in startups takes a lot of patience and a unique relationship with risk and uncertainty. The uncertainty of startup investing is super exciting; one of the companies in my current portfolio could be the next Facebook, Amazon, Netflix, or Google. But to get there, a startup is facing competition from the above companies, all who make in profits in about an hour what a startup has for operating capital for a year.
You are probably wondering, “what does this have to do with privacy?” A lot, actually.
Privacy legislation such as the European Union’s General Data Privacy Regulation (GDPR), gives established companies a major advantage over a startup. For example, only the large companies, like Amazon and Facebook, can afford to comply with the legislation. This leads to startups having to choose to ignore the law or ignore the market altogether. Not a great set of choices considering each day the legislation intended to foster innovation and restrain the big companies actually makes the big companies’ position even stronger, stifling innovation.
Another very troubling privacy trend are the national laws requiring companies to house the data they collect on their citizens in their home country. India, for example, just proposed legislation requiring tech companies to store data generated by Indian citizens in India. Again, a startup can’t afford to do this, but the big companies can.
Lastly, the uncertainty of privacy legislation and regulation is a deterrent to startup growth and overall innovation. Currently, the United States has no national privacy regulation, yet recent hearings on Capitol Hill, 2020 Presidential candidate speeches, and state legislature proposals suggest that something is coming soon. The problem is that by not having a comprehensive national privacy set of legislation set up, startups don’t know what to do. This uncertainty makes it difficult for a startup to function and even harder for me as an investor to invest. The best path forward for me is not to invest in a company that will meet the eye of a future regulation until said regulation is written.
This is what happened 10 years ago to every healthcare-related startup with the run-up to the passing of the Affordable Care Act (ACA). From 2007 to 2009 there was virtually no investment in any healthcare-related startups until the ACA was passed.
Let me give you an example of how all of these conflicting rules and regulations can impact a small business. One of our companies is based in the European Union, has operations in the United States, and has customers in over 100 countries. They have to comply with GDPR, India’s new local server law, and the uncertainty of the laws in both the United States and roughly 75 other non-EU countries. They are struggling to keep up, let alone comply with the existing laws. Their chief competitor is a cash-rich publicly traded company that has the resources to not only comply with the variety of laws but also build a moat to defend themselves against the startup.
All of this uncertainty makes me remember my days of debugging code very fondly. Hopefully, regulators and legislators will realize that privacy regulation, if written poorly, will only strengthen the companies they wish to constrain and stifle the smaller, more innovative companies they hope to protect.
Written by Stephen Forte of member company Fresco Capital