[mikece]

I’m curious if security consciousness has been raised to the point where people are willing to pay for the iron-clad guarantee that their information will never be sold... and if it’s enough to support privacy-first apps and startups.

[vukjanosevic]

Great question. There's certainly a raising awareness on data privacy, from both consumers and companies. A clear driving force is coming from regulators, as well.

If anything, companies can use privacy-first value proposition as a distinction.

[imglorp]

Is there any instance of (a) a SaaS with a legally binding contract with some teeth around user privacy and (b) where that clause was exercised and the user benefited?

The civil route be an alternative to regulatory solutions.

[vukjanosevic]

one hundred percent agree. The civil route is the only one where we can achieve a true change. The regulations can push, but consumer demand will ultimately change business perception

[milstan]

Regulation doesn't make the social change. Software does.

[imglorp]

Ah, the third leg of the solutions stool: civil, government, and tech. I'd argue any culture will have a mix of all three.

For traffic accidents, there might be various applications of lawsuits, citations, and speed bumps in your town.

In the case of SaaS, we might have only one or two. For example, take LinkedIn last week, selling everyone's PII to ScribD. There might be legal issue in GDPR or CA jurisdictions. There's probably no civil one (?). There is certainly no tech one: you need your PII to be on LI so your friends can find you, because that's the value of LI. I suppose in there future there could be a tech solution here with agents representing you in the cloud, or maybe e2e homomorphic encryption, but it's surely not what drives LI's income at the moment.