Regulatory mandates EU PSD2 in the European Union and Reg 1033 in USA have decreed that banking data belongs to consumers and stipulated that banks must let consumers access their master and transaction data and also that they must provide a convenient way for consumers to share their data with fintechs. I call this “B2C Data Sharing”. I’ve covered this topic this blog many times.
This post is about sharing of data belonging to businesses by their SAAS and AI platforms aka “B2B Data Sharing“.
Business data includes master and transaction data related to sales, marketing, financials, production, HR and other functions of a company. It’s shared with SAAS and AI thusly:
- To use a SAAS, a company must obviously input its data into the SAAS software.
- While GenAI / LLM comes pretrained with its own data (that does not necessarily belong to a company), most companies input their own data via finetuning and RAG (Retrieval Augmented Generation) processes to ensure that the AI’s output is relevant to them.
I’ve come across many instances of B2B Data Sharing in the past 10 years or so. Some of them are described below.
1. Salesforce & Oracle
I first broached this topic in 2016 in SAAS – What’s In It For Vendors?:
In the onprem world, all customer data stays on the customer’s infrastructure. Whereas in the SAAS model, they reside on the SAAS provider’s infrastructure. This means the SAAS vendor has access to data of multiple organizations. If it chooses to, it can mine the data to gather insights. According to Fortune, Salesforce and Oracle have announced plans to do so.
I can think of many features enabled by this data sharing. For example:
Companies A and B are competitors. They both use the same SAAS CRM. They have both logged a lead for the same Prospect X on the CRM. The lead is in MQL (Marketing Qualified Lead) status for both vendors. Then, one day, Company A’s rep updates the status of this lead to SQL (Sales Qualified Lead) after meeting with a Ms. PQR at X. The SAAS mines this data and draws the insight that Company X has progressed the case by meeting with this person. It then sends out a friendly notification to Company B e.g. “Hey meet Ms. PQR at Prospect X to accelerate your sales cycle”.
I have no idea if Salesforce and Oracle actually built any such features but, four years later, a litigation fund filed a €10 billion lawsuit against them for violating data protection laws in the European Union.
Oracle and Salesforce targeted in €10bn GDPR lawsuit backed by profit-making litigation fund https://t.co/Wmrzio5Zsi via @theregister.
Does anyone know the status of this lawsuit?
Oracle. Salesforce. EU. GDPR. Customer Data.— Ketharaman Swaminathan (@s_ketharaman) August 20, 2024
2. ShopKirana
In 2020, the cofounder of ShopKirana went on record that his company shared competitor data on fast moving items to help its store customers stock up accordingly. For the uninitiated, ShopKirana is a leading provider of SAAS for khirana stores (aka India’s version of mom-and-pop stores),
3. Carta
Carta is a SAAS for startups to manage their fund raise and cap table. Among other data, it helps startups record investors and shareholding data. Its subsidiary Carta Liquidity facilitated secondary market trades. Sales reps of Carta Liquidity accessed cap table data of startups using its software and reached out directly to shareholders, encouraging them to sell their shares, often without the knowledge or consent of the startups’ leadership. This was obviously a serious breach of trust. The fallout was severe, with Silicon Valley criticizing Carta for undermining the integrity of its core cap table management offering. Carta’s leadership quickly shut down its secondary trading business in response.
4. Zoom
Last year, Zoom floated a trial balloon that it would train its AI on audio, video, chat, screen sharing, attachments, and other customer data but withdrew its plans quickly after facing a massive backlash from its customers.
5. SAP
SAP recently told Economic Times that it’s planning to develop a Business LLM.
According to the ERP major’s CEO Christian Klein,
We are developing foundational AI models in our labs in India. No other technology company on this planet has more business data than SAP. We have finance data, HR data, sales, manufacturing data and everything. And now we are using these large language models (LLM) for texts, contents, and graphics, and we are building the most powerful foundational model for business data.
Obviously, Herr Klein is not talking about SAP AG’s internal data, so this implies that the company will train its AI on the data of its customers.
Not sure how this will go down with SAP’s customers.
Since the dawn of business, companies have engaged consultants to informally gather intelligence about their competitors, given that a consultant is likely to have worked with multiple companies in the same field. In one of those wonders of the universe, somehow each company thinks it will get its competitor’s confidential info but that its competitor won’t get its confidential info. I’ll add this to my long list of polite fictions (click here, here, and here).
AI + SAAS can elevate the collection and dissemination of market intelligence to the next level.
To that extent, B2B Data Sharing is a problem of degree, not type. Let’s see how the market responds.
As for the law, I haven’t heard anything in the mainstream media or X fka Twitter about the aforementioned GDPR violation lawsuit. When I asked ChatGPT for an update recently, it informed me that a Dutch court dismissed the lawsuit against Salesforce and Oracle in 2022.
Emboldened by this verdict, I’m guessing that SAAS and AI companies will go full steam ahead with B2B Data Sharing. Time will tell how my prediction will age.
Meanwhile, many countries have passed regulations stipulating that data of customers must be stored within their own jurisdictions.
I’ve always wondered how these data sovereignty regulations will work in actual practice. After all, data doesn’t process itself or decide where it will be stored. Code does. Often, code encrypts the data and stores it in a proprietary format that’s unintelligible to others. The SAAS or AI vendor controls the code and thereby the customer’s access to the feature that allows the customer to download the data in open formats like CSV and JSON. If the vendor’s home country sanctions someone, the vendor will be forced to block the customer from using the software. Ergo the customer will lose access to the download feature and won’t be able to download the data even if it’s stored within its own jurisdiction.
I hope I’m missing something – I wouldn’t want data sovereignty to join my already long list of polite fictions.
If anyone has any thoughts on this subject, please share them in the comments below. Thanks in advance.