Zoho takes their B2B data privacy stand - "We will not be part of this industry practice." But will it pay off?

"B2B software vendor takes bold stance on privacy." I know what you're thinking. I get your cynicism. Yeah, pretty much every B2B vendor talks that happy jive about protecting customers' data.

But how many vendors are willing to take privacy to the extreme of no-third-party-cookies allowed on their site? Even if it means losing valuable Google Analytics data that informs the results of marketing campaigns?

How many companies refuse to use the AI tooling of the consumer giants and third party specialists, and build all their own AI technology in house? All that to ensure no customer data ever leaves their own private data centers? How about: no business done with the public cloud hyperscalers at all, to avoid any data sharing "terms of service" they may impose?

That's what Zoho is up to. It's an extreme stance - one that provoked plenty of compelling debate at ZohoDay 2020, Zoho's recent analyst day in Austin. But even if a stance is ethically appealing, a business is, in the end, a business. Will this stance provide Zoho with a competitive edge? Could it make them vulnerable in cutthroat markets?

In truth, this really isn't a change of direction for Zoho at all. Privacy and internal data centers are outgrowths of their long-time stance:

But how many are aware of B2B privacy risk? In Enterprise hits and misses, each week my "whiffs" section is loaded with privacy transgressions. Most of them, however, come from B2C, via the flawed free/advertising models that play notoriously loose with our data.

In his diginomica column, Consumer privacy breaches are in the news. But who's spying on you at work? Raju Vegesna, Zoho's Chief Evangelist, called out the B2B privacy problem. He starts by tagging big tech companies with an unsavory-but-accurate name:

Heavyweight tech corporations are turning into surveillance companies, tracking the behavior of businesses and users — who have become heavily reliant on their ubiquitous services and platforms.

And yes, B2B companies utilize these services too. Vegesna:

Software companies pay top dollar for advertising online and want to know whether that investment is translating to leads and increased traffic. These companies rely on free services such as analytics or tag management or usage stats provided by Big Tech companies and in turn pay by exposing user data. Unbeknownst to users, SaaS vendors will run trackers to qualify user behavior, check their click-through rates, and then share that information with third-party 'surveillance' companies as a kind of quid-pro-quo.

Ergo:

On its face, this is only a matter of privacy so long as the data stays secure. However, in this era of big breaches and given the track record of some of these large tech companies, the potential for a data leak is increased exponentially — all without the customer, user, or visitor knowing about it.

Want to know if you're truly changing your behavior? It hurts a little bit. And so it is with Zoho. In addition to the aforementioned data center and AI resolve, as analyst Laurie McCabe puts it, Zoho upped the ante:

• They removed Facebook (no like or share buttons on any Zoho web properties)
• They removed Twitter (no tweet buttons on their web properties)
• They removed Google (no Tag Manager, no Google Analytics)
• They removed trackers from all ad companies

Whether or not you think this gives Zoho an edge, we can safely say this: it does give them a rarified privacy credibility. And they are seizing it. At ZohoDay 2020, Vegesna doubled down. He argued there is a difference between that which is legally and morally acceptable. They aim to be guided by the latter:

At Zoho, we are taking a stance. We are not going to let surveillance companies track users on our property.

Is that stance a path to greater profitability? I don't know. But it had to feel good to put that language on a slide. I won't deny: it felt pretty damn good to read it.

Vegesna conceded this comes at a cost. But cost is not the only risk. This also impacts Zoho's AI strategy. As best I can tell, they don't ever use their own customer data sets for training their algorithms (that's a topic to get more details on when we're not in an NDA session, perhaps at Zoholics 2020 this spring).

Bottom line: Zoho believes they can train their homegrown AI algorithms on limited data sets, far from the data volume that creepy-crawly AI startups like Clearview AI are employing (Zoho does employ some third party test data). Zoho doesn't want to risk moving data to public clouds, or sharing any data with third party AI tooling. This puts a lot of pressure on Zoho's core precept:

We are a technology company, not a software company.

As you might expect, the convergence of extreme data privacy and breaking from the AI/public cloud norm provoked vigorous debate amongst the analysts, and even a bit of incredulity:

Zoho urges other B2B companies to join them in this privacy pursuit. In the meantime, Vegesna encourages concerned B2B customers to ask these questions:

• Are third-party privacy policies easy to understand?
• Does your employer pledge to keep employee data private? "A recent Gartner survey found that more than half of companies used 'non-traditional monitoring techniques' to track employees. In addition, when employees use apps such as Twitter while at work, they may be divulging information on how and when they use other common workplace apps."
• Does your employer use apps that don't collect consumer data?

My take

Will Zoho's commitment to privacy give them a competitive edge? I believe it will, but we'll need to see it play out for a bit. It certainly works well as a marketing message; customers are weary of third party data swapping buried in sketchy terms of service. Some of the drawbacks are short-term. For example, I speculate that Zoho will eventually replace whatever Google Analytics brought them with their own internal tooling. Yes, at a development cost, but they'll build whatever campaign visibility they need.

Another huge perk of Zoho's approach: how many vendors had to redo/rethink their software, or even shut down, after GDPR passed? Same with the California Consumer Privacy Act. Zoho is basically already in compliance with whatever privacy regulations come down the pike, so they won't have to eat that cost.

I don't even think the private data centers are the big risk; Zoho is one of the few vendors with the chops and expertise there. But if, in five years, Zoho's AI capabilities are behind that of their competitors, that could pose market problems. I also think that using aggregated customer data, as Coupa does with their embedded community intelligence functionality, is an area Zoho will eventually need to take a hard look at (99 percent of Coupa's customers participate).

That said, Zoho's NDA presentation of AI scenarios was the most impressive enterprise AI tooling demo I've seen this year. I speculate they will share some publicly at their Zoholics user conference in April. If so, we'll issue an update then.

What we're dealing with here is a company that is outside of analyst comfort zones:

Zoho will take a hit on revenue growth if it means compromising a core value. Leaving money on the table is not something we're used to in this industry:

Zoho doesn't like to be called a business software company. Well, they are certainly a tech company now. Will they prove it out? You can bet we'll be watching keenly.