Your Data, Their Rules

As vendors bring out sharp elbows to fence in data assets, enterprise customers need to stay vigilant in protecting their data rights.

Introduction

One of my all-time favorite books is Hamilton Helmer’s 7 Powers. One of the powers he highlights is cornered assets – do you have access to something that no one else does? This is a powerful moat for companies because it gives the owner of the cornered asset the right to make a larger profit than competitors over a longer period of time. Cornered assets mean different things in different industries. For example, in real estate, it could mean a particular developer owns a coveted corner lot in a high foot-traffic intersection. In healthcare, it could mean a particular pharma company owns the exclusive right to sell a certain drug for a certain period of time.

In the age of gen AI, the new cornered asset is data. So how do companies turn data into unique advantages? There is a power struggle between companies to control and access data. We see this playing out on 3 levels:

1. Third party model training data – Inputs used to train gen AI models, such as scraped web data and synthetic data.

   1. Ex: Reddit is suing Anthropic for scraping their user content

2. Model output data – ownership / legal protection of AI generated assets.

   1. Ex: Thaler v. Perlmutter was a case deciding what types of AI generated assets are eligible for copyright

3. Internal enterprise data – Internal data generated by a company, such as employee email messages and customer transaction logs, which are private and proprietary to the company.

While courtroom decisions dominate data rights in the first two categories, the data rights in the third category are playing out through business deals and decisions. Enterprise data is becoming a critical sticking point between vendors and customers because it is one of the biggest cornered asset moats enterprises have.

Enterprise Data as a Key Source of Differentiation

In an enterprise setting, just having AI is not a differentiator. Most companies have access to the same gen AI models and apps. Differentiation hinges on your proprietary enterprise data, and how that gets braided into gen AI uses cases. Enterprises generate mountains of valuable data: product telemetry, internal chat logs, CRM notes, case studies, and financial planning documents. This data determines how well an AI assistant performs, how accurate a RAG system becomes, and how much of the company's institutional knowledge can be preserved and leveraged. Your data is one of your most strategic assets, and if you don’t control it, someone else will. Today, there are multiple points of tension on who can use and access what parts of enterprise data. Here are two case studies on how this is playing out in “the real world”.

Example 1: SAP Databricks Partnership

The SAP Databricks deal illustrates this power shift. This partnership enables customers to bi-directionally share data between SAP and their enterprise environment, making it easier for them to access and use their own enterprise data.

As an ERP, SAP holds a ton of valuable customer data, and they already have native database product. Why would they give Databricks a share of the pie? After all, it is not in SAP’s favor to be more open because this erodes vendor lock in and customer engagement. I suspect customer pressure for more open access likely forced SAP to yield. In this case, customers win—they gain greater control over their own data assets. Databricks also wins because by enabling customers to pull data out of SAP, now more data sits with Databricks.

Example 2: Slack API Updates

Now, contrast that with Slack. In May 2025, Slack updated its API Terms of Service to block bulk export and long-term indexing of Slack messages for external AI or analytics tools. In exchange, the company is offering a real-time search API product to keep tighter control over third party Slack data usage. And unsurprisingly, their parent company Salesforce has been making a strong push into enterprise gen AI through their Agentforce products. I would not be surprised if other incumbent enterprise vendors start to do the same.

This complicates things for systems of consolidation like Moveworks that depend on open access to enterprise data. Crucially, this raises the question: who has the right to grant or revoke access to customer data? This move by Slack took place with no input or influence from the end customer, but they bear the negative consequences as well. Individually, customers have limited bargaining power vs Slack due to low customer concentration. And practically, Slack benefits from a decent amount of vendor lock in due to their store of user messages. In this case, customers lose—they have less control, less transparency, and diminished interoperability.

In addition to restricting API access, Slack also uses customer data to train their own models. Customers are by default opted-in for allowing Slack to train global models based on customer data. And Slack doesn’t make it easy to opt out. From Slack’s website: “If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your Org or Workspace Owners or Primary Owner contact our Customer Experience team at feedback@slack.com with your Workspace/Org URL and the subject line ‘Slack Global model opt-out request’.” Unsurprisingly, most customers aren’t going to send this email.

Takeaways for Operators

I’m of the belief that data generated by an enterprise should belong to that enterprise – they should have the right to determine which vendors get to keep or access what parts of their data. So how can companies navigate this shifting landscape? Recognizing this is easier said than done:

1. Customer decision makers need to be ultra-vigilant around vendors’ data access and rights.

2. Don’t assume standard agreements protect you—ask for explicit limits on data use, model training, and retention.

3. Interrogate vendor defaults to avoid opt-in data sharing.

4. Choose vendors and tools that support open standards and composable architectures.

In this evolving landscape, enterprises should treat data governance as a strategic priority, not overhead.

Conclusion

In the current environment, proprietary enterprise data is a critical source of differentiation. As a result, I expect enterprise data rights to be a growing area of tension and litigation between customers and vendors. Enterprises can no longer afford to be passive participants. Operators must actively shape the data rights landscape through intentional procurement, strong internal governance, and demand for transparency, because data ownership does NOT mean data control. In the age of generative AI, the best companies will become experts in controlling, manipulating, and compounding their proprietary enterprise data assets.

Comments

[Jerry Batteh]

👍👍👍👍👍👍