Who Owns the Data in SaaS and IoT?


Why does Google know more about your inventory than you do?


Data Disruption and Discomfort

The Internet of Things applications and services are raising many disturbing questions about data security, policy, ownership, and rights. For more than a decade SaaS solutions providers have been managing sensitive information on behalf of their customers. Data includes customer lists; financial information such as purchase orders and payments; product catalogues, product and shipment locations; as well as asset and employee data. These are very diverse applications, but they all require security and privacy as a basic tenet of the relationship.

Of course, the major role of these SaaS solutions, whether they are transaction management or tracking, is to fulfill the needs of the one paying customer. Yet for many years these SaaS companies and industry ecosystem participants have known and discussed the fact that these systems are sitting on a treasure trove of information.

Pandora’s Box?

So the obvious question is: who can use this data and for what purpose? More than ten years ago we asked this question of our SaaS technology clients: “You see the best prices, best routes, best performance, since you see all the deals and prices and other performance achievements of your customers and their service providers. Couldn’t that benchmark data be used to improve processes?” In those days the answer boiled down to: the data we host on our site is a sacred trust. But of late that mindset is changing. Examples are better demand management accuracy1 for carrier and routing pricing, and performance data.2 New forms of subscription data are being introduced into the market that aggregate and analyze these treasure troves of data. For example, RFID providers are surely learning that collecting and analyzing RFID locating, sensing and other data across various industries has turned them into a profitable enterprise. (Read RFID Software Solutions are Evolving Rapidly in this issue.) Most of the providers I have talked to are pretty clear that getting to this point was a journey that took many years and many discussions with customers on the pros and cons of sharing data, ascertaining that the customers were OK with this.

What logically follows as the next question is: If the data is published, even in aggregate, no doubt the worst performers can see where they need to perform better; this means the best performers may lose their competitive advantage.

When I talked to Brent Hutto of Internet Truck Stop, he told me that although that could be the case, in practice, what is happening is quite different. This data provides shippers and carriers with a kind of market analysis for contract and spot freight segments by region and trailer type. In today’s market, he said, many lanes are underserved. These underserved lanes, of course, allow carriers to charge better rates for them. Having this data allows even the small carrier to make an informed business decision about getting that added business. Shippers get what they need, and carriers, as well. This challenged my thinking about shippers negotiating and squeezing down fees.

GT Nexus and their Shipper Council is another case in point. The shipper council was started a little over ten years ago to address an industry challenge associated with poor ocean transportation data. If you believe that information is a competitive weapon, why would you work with others to clean up the murky data situation in multi-party logistics data? Because these organizations realized the problem was just too big to go it alone. Cooperation rather than competition has helped the ecosystem improve data quality and, thus, has also improved the value of the investments these firms make in technology.

However, what happens when the SaaS provider is not so secure or just doesn’t value the privacy of its users? This is a particular issue, of course in the freemium world. No doubt, the internet is a place of transparency. You have to know that your data is your fee for use. But what is alarming is that non- freemium SaaS vendors may not (and some do not) subscribe to a privacy and permission philosophy.We have heard some very staunch statements from some newbies that the data they host “is my data.”Really?

This is a slippery slope, since once one provider sees another doing it, they figure it is OK for them to do it too, not realizing there are privacy regulations or (at the very least) a cultural and sacred trust that customers assume governs their relationship with their providers.

“Pandora” has been showing up in a lot on the web in the form of bots and crawlers who, for some time, have been taking enterprise data about inventory and so on and making it public. Some consumers like this, since they can find which retailer is likely to have the product they want right now. Yet vendors are revealing products, prices, and yes, sales. So it is a conundrum — are there benefits or possible downsides of others knowing your business (like your competitors)? Today, the specific phenomenon is not that your software provider is revealing your data, but rather that third-party web crawlers are mining and finding that data. Are you really OK with that?

But other, to the point, questions are: Can your SaaS application or service provider monetize your data — not just share it as a service to existing customers for benchmarking and the like, but actually charge for that data? How do existing paying customers feel about that?

What about the IoT?

Now along comes the Internet of Things which reveals a whole new depth of rich information. Embedded intelligence, sensing, and communicating to applications is not new,3 but it is growing in a way that changes companies’ foundations (read Are You an IoT Company). After all, this is the information age where value is not just derived from the mechanical or physical aspects of processes or assets, but in the information they contain. As the value of the information grows as compared to the mechanical asset, companies are reassessing the information game. What is my product or service? What can I do/charge for? What information can I gain access to? What value can be derived from that information and to whom would it be valuable?

In a panel I recently moderated at Connect Things 2015, with companies as diverse as United Technologies, Nuance, Seldera, Truck Smart Parking Service (TSPS) and Bigbelly, I was able to ask some of these important questions about data, its value, and ownership.

Brian Phillips framed the opportunity for Bigbelly (and others), which illustrated the point. Since Bigbelly has built a mesh network to monitor their equipment (which sits on streets across a town) with the purpose of notifying trash collectors when to pick up trash, they are also able to sense, monitor, and collect a lot more useful data about that location (see Figure 1) such as traffic, weather, and other data to support the environment, public safety, and so on. This not only saves the towns money, but improves the quality of life for the community. So a foundation of value and a cooperative working relationship exists with the customer, a foundation that allows for growth and new ideas such as: Can they develop and monetize other applications for their customers? And then, can they leverage this data for other subscribers and monetize that?

Source: Bigbelly
Figure 1 – Bigbelly’s Future

Since a lot of the infrastructure has already been paid for, this is an added benefit to the towns, organizations, etc. that are customers today. But how will existing customers feel about sharing that data with others? Certainly some of the others will benefit, but their leverage of the data could also benefit the existing customers. For example, reducing congestion during rush hour, improving on-street parking, and so on improve the situation for townspeople, shoppers, delivery/service trucks, etc. So the question becomes: How does one determine when and how to share that data? And who has the right — or not — to be in that conversation?

The discussion about allowing ‘your’ data to be used was also discussed by Truck Smart’s Carl Rundell, who brought up the imperative that the mutual value proposition of data sharing must be clear. For example, he brought up a few important aspects about location data and personal information. As he pointed out, the typical truck driver already lives in a wired world with telematics, mobile communications, locating systems, GPS, and so on, and has probably been doing this longer than most professionals. However, most of the data passing between parties was restricted within a ‘permissioned’ small set of people and systems.

In a multi-party framework among parties who may not know each other, but want to find each other, there has to be a perceived and strong value proposition to open up that data to the unknown parties. Rundell pointed out that truck drivers provide their preferences, since they are seeking services while driving long distances, services which are often in short supply. Thus, they are giving access to their location (for example), but getting benefit.

Rick Warner, founder of TSPS, adds some thoughts here that we are not just talking about data. Solutions like TSPS collect vast volumes of data sources — both public and proprietary — and analyze them to provide intelligence to customers. And that intelligence is not necessarily for the public domain. Enterprises still have critical information about their assets, their locations, and so on that they want to remain private.

Sifting through all the data to support informed but instant decision making is why users pay technology companies, after all. And providing data to a truck driver about services he may take advantage of on the road is, well, that’s advertising, as far as I (the author) see it. Whereas, providing data about the truck driver, the load, etc., probably is not data for the public. There are too many risks today4 on the road to signal competitors or thieves. Thus, this is a semi-open environment.

Manufacturing, on the other hand, is more of a closed world within the enterprise with a short list of providers, such as equipment manufacturers and software providers, in the mix. In this world, data collection, process monitoring, and analytics are not new. But the data were generally restricted to the manufacturer who responded to discrete needs. Equipment providers did have meters, so when they arrived to maintain or repair equipment they could glean some maintenance-related information.5 There was little remote monitoring. However, as equipment manufacturers think about changing their business model to performance-based contracts, leasing and so on, their need to monitor and control from off-site locations has increased. Thus, it becomes essential for this closed world of manufacturing data to open up a little. The giving for getting — the value of sharing.

Today these needs are served by domain-specific applications — manufacturing execution, track and trace, logistics visibility and so on. Many of the older systems are not designed to absorb IoT and multi-party data. This leaves the door open to a new generation of ‘IoT-built’ or purpose-built applications for these domains — moving beyond IoT tool sets. Examples at Connected Things were Savi’s Insight product for logistics and Skedastic Systems, a start-up, for manufacturing execution. These purpose-built applications become custodians of data for a discrete set of permissioned users. Security is ultra-critical with Savi, but they do leverage lots of streaming data to enrich their solutions.

Recommendations and Warnings

No doubt, this article brought up more questions than it provided answers. But that is the state of the market today. So some warnings and recommendations are in order.

For the user, yellow warning lights:

  • Review the privacy policy and regulations of the states your business operates in
  • Audit and monitor the security practices of the SaaS provider — trust by verifying
  • Read those sign-up agreements’ fine print. Mostly, they entitle the vendor to various uses.
  • Don’t download without reviewing all the other partner software and permissions that the provider may also want to install on your machine. In general, you have to specifically turn this off to avoid getting unwanted additions. (The partners’ software also gets the right to use your email and other data to monitor your activities.)
  • B2B application users should have a very specific discussion with the provider regarding exactly what their data policies and intentions are. Make sure you clearly understand how and why they may be using your data for purposes beyond the specific needs of your application’s operation.

For the solution/service provider:

  • Green light: What is the product or service you are really selling? If information informs and optimizes enterprise processes for the asset’s owner or leaser, the value proposition may be strong enough to provide a new application opportunity.
  • Yellow warning light: Is the objective/data sharing beyond the original purpose that was the foundation of the initial application? Does your customer consider that data ‘theirs’? If that data sharing or Information-as-a-Service is likely to leverage specific customer data in some new way beyond that customer, you owe it to them to have ‘the conversation’ and gain their agreement — in writing — to this usage. Otherwise this is a red light!
  • Create a data policy congruent with the needs of your customers and the marketplace.

And remember, at the end of the day, especially for B2B, the real value of software will always be in the processing and analysis — not in the raw data which is being commoditized!

Our prediction is that the debate will get louder and probably more contentious as competition to be the data provider/platform for IoT data heats up.


1 Published by Terra Technology each year. — Return to article text above
2 Published by Internet Truck Stop. — Return to article text above
3 Read about IoT platforms in our last issueReturn to article text above
4 A recent white paper we wrote on mitigating logistics risk with IoT solutions can be accessed here:Driving Risk Out of the Supply Chain. — Return to article text above
5 For example, after so much usage, a part needs to be replaced, and so on. — Return to article text above

To view other articles from this issue of the brief, click here.

Scroll to Top