Ethyca raises $7.5M, open sources Fides for developers to build privacy tools directly into their codebases

Ethyca, the privacy-by-design technology startup that has built a unique set of APIs, detection tools and analytics to make it easier for organizations to adhere to data privacy policies like GDPR, is taking a couple of big steps today as it gets deeper into the business of data protection.

First, the New York-based startup is open sourcing a set of developer tools it has built, called Fides, so that developers can build privacy tools and monitoring mechanisms directly into their codebases. Second, it has picked up an additional $7.5 million in funding so that it can continue developing and commercializing its proprietary tools, specifically APIs to make it easier for those building or monitoring privacy compliance to do so.

The funding, an extension to its June 2020 Series A of $13.5 million, is coming from existing investors, specifically Lee Fixel, IA Ventures, Lachy Groom’s LGF and Table Management (Bill Ackman), and it brings that Series A to $21 million. Ethyca has raised $27.5 million to date and has amassed dozens of customers, including Away, IDEO and InVision.


Founder and CEO Cillian Kieran said that Fides was actually the motivation for starting Ethyca in the first place. His thesis in 2018 was that privacy was becoming a more critical and essential aspect of building and running digital services — not only because data protection regulations and cybersecurity challenges were increasingly demanding it, but also because the users of those services were becoming more aware of how their data was being used (and sometimes abused).

Added to that, of course, is the role of the developer, or the organization itself, in the equation. Many believe that to get data protection right, you have to build it in from the very beginning, both as a priority and as an actual technical part of how a system works — a concept that people often refer to as “privacy by design.”

While Ethyca’s APIs are aimed at essentially building versions of those tools to make it easier to monitor and account for privacy within an existing workflow, Fides gets to the heart of it all for those who are building, to program it in from the start. Fides itself is described by Ethyca as an open source definition and configuration language for describing privacy constructs in data and software systems. It is being released initially with two OSS tools, Fides Ops and Fides Control, that respectively cover orchestration of privacy rights in an organization’s data infrastructure, and the validation of privacy rules in CI/CD workflows.

“Essentially, we have inserted privacy into the CI/CD pipeline,” Kieran said. He likens how it works to companies like Snyk, which is used by developers and starts looking for security loopholes and vulnerabilities before code is ever put into production. “Fides can do the same with the privacy.” Snyk, I’ll point out, has skyrocketed in valuation in recent times, a sign of the high priority placed right now on addressing security and data protection at the DevOps level.

In the case of Fides, the idea is that the toolkit will, for example, be able to detect when code is calling in user behavior, data and location at the same time. If the business doesn’t permit that, Fides will flag the relevant part of the code to fix it before it goes into production. It can also be used to automate data rights requests, such as when a person asks to be unsubscribed or have their data deleted from a system — something that typically can take many hours or weeks to carry out manually (as it often is).

Ethyca’s Pro (paid) tools already integrate with some 700 apps to monitor for data protection and privacy policy alignment. In addition to the many private companies on its books, the company works with a number of larger publicly traded enterprises and technology companies that it declines to name (but believe me when I say… they are big and exactly the kinds of companies that have needed to home in on better privacy and data protection measures).

Fides meanwhile already integrates with database platforms like Amazon’s DynamoDB and Redshift, Snowflake, Databricks, MongoDB, MariaDB, Microsoft’s SQL Server, MySQL and PostgreSQL, and it has signed on Slack and GitHub as supporters of its open source community.

The funding will let Ethyca continue to hire to build out that commercial business while continuing to contribute to what it believes needs to be at the heart of how privacy is built in the future.

“Our investment and ongoing excitement in Ethyca reflects the need for a developer-first approach to privacy and compliance as code,” said IA Ventures’ Brad Gillespie, in a statement. “The release of Fides is the culmination of three years of work for the team and a first step towards defining a much-needed open standard for privacy. With Fides, Ethyca shows they’re thinking proactively about how best to solve the higher-order challenges that will shape data privacy discussions over the coming decade. We’re thrilled to support them in their ambitious plan to shift privacy left into the Software Development Life Cycle through open-source developer tools.”