A New Era of Privacy: Why We Invested in Osano

By Saaya Nath

How many times have you been casually scrolling through your Facebook feed or browsing the web and come across an ad far too familiar for comfort? It could be a hotel ad for the Bahamas vacation you were just researching, or even further, an ad for the exact shirt you were just looking at on your favorite brand’s mobile app. I confidently assume that most people reading this have been victim to this phenomenon, harmlessly referred to as “targeted advertising”.

The problem, however, is that these ads have become too targeted, so much so that they’re often deemed “creepy” in everyday conversation. This can be attributed to now commonplace data collection technologies, such as tracking pixels and first- and third-party cookies. With these, companies have found a way to very easily turn customers into highly lucrative products: by simply collecting and selling their data. In 2020, 2.5 quintillion bytes of data were being generated daily – a gold mine for advertisers! (To help grasp the magnitude of that number, a quintillion boasts 18 zeroes)1.

The fact is, with the abundance of personal data consumers are generating, and passively handing over to thousands of sites, knowing who you are, what you like, and what you search for has become painstakingly easy for companies. But, while effective for some time, this practice has reached a tipping point. “Over-targeted” ads have made consumers tremendously aware of how much they expose themselves online, as they frequently began questioning “how did they know this about me?”

And if these ads don’t strike a chord for everyone, let’s talk about the major data breaches that have plagued our news headlines the past few years. Last year alone, over 150 million Americans received an email saying something along the lines of “we are writing to let you know about a recent security incident that involves your personal information”2. These “security incidents” are typically breaches of the data consumers have shared with a company they may, or even may not have, interacted with.

There’s no arguing that people have become more knowledgeable about the true vulnerabilities of the internet, and the extent to which they constantly share their personal information. And with knowledge, comes power. Just as consumers once demanded visibility in food production and textile manufacturing (which ultimately led to massive shifts in their preferences), people are now insisting on transparent data collection and privacy practices. People want to know what personal data is being collected, how it’s being used, and ultimately, own the right to determine its destiny. In fact, a recent survey by Invisibly showed that 68% of consumers consider data privacy important, and 82% support measures that would prevent companies and devices from collecting or sharing their data3.

In response to consumer demands, governments across the world are stepping up by increasing their regulations and scrutiny on how companies handle personal data.

  • Perhaps the most well-known privacy law, the EU’s GDPR, paved the way for other localities to impose their own restrictions. From California’s CCPA to Virginia’s CDPA all the way to Brazil’s LGPD, we’re seeing more governments rethink human privacy and the enterprises’ role in it.
  • Beyond mandates, we’re also seeing regulators strictly back up their laws with record-breaking crack downs. Last year, Google was fined $120 million for illegally dropping tracking cookies users hadn’t consented to4. More recently, Amazon and WhatsApp faced massive $887 million and $267 million fines, respectively, for breaking similar GDPR rules.5,6

With immense pressure mounting from both ends—consumers and regulators—enterprises are being forced to become compliant and transparent, fast. Being “privacy-friendly” has quickly shifted from a “nice-to-have” feature providing competitive edge to a necessary stamp of approval companies must earn to sustain long-term customer loyalty and retention.

But the growing tapestry of regulations at local, national, and continental geographies makes adherence a daunting task. Add to this the complexity which parameters such as user profile and website traffic bring to regulations, and you’ve got a tall order. And if historical regulatory activity is any indicator, we can bet that this will only get more complex and difficult to navigate without purpose-built solutions.

Enter, Osano. Osano is an easy-to-use, complete data privacy platform that helps businesses quickly become compliant with privacy legislation around the globe. We’re very excited to have led their latest financing to support them in building out their highly competitive moat:

  • First, their core consent management offering is one of the most comprehensive in the industry. By tracking legislations, judicial rulings, and protection opinions in over 40 countries, immediately upon deployment companies can feel confident that they are in compliance across their business. While this is a protection every website and company needs, most existing privacy providers aren’t addressing it or are only providing the bare minimum.
  • Second, while well-suited to serve even upstream customers, Osano has been purpose-built for a segment of the market that has been historically underserved – the middle market. For these companies, speed to value and low complexity are key. Both Osano’s consent management solution and newly released data discovery product shine on these aspects, without sacrificing any of the robustness that comes with legacy enterprise-grade solutions.
  • Last, and perhaps the most core to their success, there’s a phenomenal founding team. Arlo and Scott, in just a few years and within a massively competitive market, have positioned Osano as a best-in-class consent management solution. And we’re confident in their ability to continue expanding their capabilities and capture the vast opportunity that lies ahead of them.

The Road Ahead

Privacy is an issue that has been top of mind for many people for the past decade but fluctuated in the attention it garnered as the market and regulations played catch-up. It took the world some time to truly put privacy in the hands of consumers, finally exposing what was being done with their data behind the scenes, and actually beginning to hold the data collectors accountable. With the help of companies like Osano, we’ve finally reached that milestone.

That being said, the space will continue to rapidly evolve and we believe it will unfold similar to what we’ve witnessed in the broader cybersecurity market: with a few best-in-breed solutions winning for a specific capability or customer segment versus a winner-take-all, full-stack solution. We fundamentally believe that Osano will be the winning solution in their respective segment – all things governance, compliance, and discovery-related. But beyond this, we also think there’s room for another wave of successful privacy companies – namely, privacy-enabled analytics tools. Once companies are able to effectively automate their policies and processes, the next question becomes how analytics teams can continue to use their consumer data in a way that doesn’t 1) leave them open to vulnerabilities, 2) slow down processes due to comprehensive security requirements, and 3) doesn’t compromise the accuracy or depth of their insights.

Know any companies we should be talking to? Interested in learning more about Osano? Reach out to us.


  1. https://techjury.net/blog/how-much-data-is-created-every-day/#gref
  2. https://www.cnbc.com/2020/07/1...
  3. https://tamebay.com/2021/05/personal-data-privacy-is-important-to-consumers.html
  4. https://techcrunch.com/2020/12/10/france-fines-google-120m-and-amazon-42m-for-dropping-tracking-cookies-without-consent/
  5. https://www.bloomberg.com/news/articles/2021-07-30/amazon-given-record-888-million-eu-fine-for-data-privacy-breach
  6. https://www.cnbc.com/2021/09/02/whatsapp-has-been-fined-267-million-for-breaching-eu-privacy-rules.html

By Saaya Nath

Back to Insights