Every digital business model depends on data. It may be product data, usage data, sensor data, customer data, training data, platform data, diagnostic data, transaction data, location data, performance data, or data generated by connected devices and AI systems. Some of it is personal. Some of it is technical. Some of it is commercially sensitive. Some of it is only valuable when it is combined with other data sets, enriched through analytics, or embedded into a service workflow.

This is why Data Protection and Privacy will be the topic of an upcoming OFB Fireside Chat. The discussion will focus on a question that is becoming central for many companies in the digital transformation: Which data creates economic value, and under which legal, technical, contractual, and strategic conditions may the company actually use it? In practice, data is often treated either as a compliance issue or as a business asset. The real challenge is that it is usually both at the same time.

That gap becomes critical when companies build digital products, AI applications, platform models, data based services, connected devices, or software enabled offerings. The value proposition may depend on collecting data continuously, combining data across systems, learning from user behavior, improving algorithms, personalizing services, creating benchmarks, training models, optimizing processes, or monetizing insights. But the ability to create value from data does not automatically mean that the company has the right to use that data in the way the business model requires.

Data is not only collected. It is controlled.

A common misunderstanding is that data protection only matters when personal data is involved. That view is too narrow for digital business practice. Personal data is, of course, a central privacy issue. But data related business models also raise questions of access rights, contractual use restrictions, database rights, trade secrets, confidentiality, data quality, cybersecurity, product liability, sector specific regulation, AI governance, and IP strategy.

The real management challenge lies in the overlap. A data set may be technically accessible, but not lawfully usable for a new purpose. It may be commercially valuable, but contractually restricted. It may be non personal at first glance, but become personal when combined with other data. It may be useful for AI training, but unsuitable because of confidentiality obligations. It may be generated by a product sold to a customer, but still depend on usage rights, platform terms, consent structures, or regulatory limits.

Good Data Protection and Privacy management therefore begins with a demanding question: Which data does the business model require, and what makes that use legitimate, reliable, secure, and strategically controllable?

The business model dependency problem

Many companies are becoming data dependent without fully seeing the dependency. They know that data improves products, enables services, supports AI, strengthens customer relationships, and creates new revenue opportunities. But they often do not clearly map which parts of the business model depend on which data flows, which legal permissions, which technical architectures, which contracts, and which internal governance structures.

This becomes visible when digital offerings scale. A pilot project may work with a small group of customers, a limited data set, and manually controlled consent. But scaling the same solution across markets, customer groups, jurisdictions, product generations, cloud environments, and ecosystem partners can expose weaknesses that were invisible at the prototype stage. Suddenly, the company discovers that data cannot be reused for analytics, that customer contracts do not cover benchmarking, that data quality is insufficient for AI training, that personal data cannot be combined as planned, or that a partner controls access to a critical data layer.

Data Protection and Privacy is therefore not only a legal safeguard. It is a scalability discipline. It helps companies understand whether the data logic behind a product, service, platform, or AI system can actually grow without creating hidden legal, operational, or strategic fragility.

From privacy compliance to data value architecture

The key shift is to move from isolated privacy compliance to data value architecture. Compliance asks whether a specific processing activity is lawful. That remains essential. But digital transformation requires a broader question: How is data generated, accessed, classified, governed, protected, combined, analyzed, shared, and monetized across the entire lifecycle of the product or service?

This connects Data Protection and Privacy directly with IP management. Data itself is not always protected like a classical IP right. But the economic value around data can be shaped through contractual control, database structures, trade secret protection, technical access systems, software architecture, API governance, documentation, data models, know how, AI workflows, and platform rules. In other words, companies often protect data value not through one right, but through a combination of legal, technical, organizational, and strategic control points.

That is why privacy teams, IP teams, legal departments, R&D, product management, IT security, data science, business development, and corporate leadership need a shared language. If these functions work separately, privacy may become a late stage blocker, IP may overlook the real source of digital value, and business teams may build services on assumptions that do not hold under legal or technical scrutiny.

Privacy by Design needs IP by Design

Privacy by Design is well established as a principle. It means that privacy requirements should be built into products, systems, and processes from the beginning. But in digital business models, Privacy by Design is not enough on its own. It needs to be connected with IP by Design.

IP by Design means asking early which parts of the digital offering create protectable or controllable value. Is it the software architecture? The data model? The user interface? The AI training process? The sensor configuration? The benchmark database? The customer workflow? The integration logic? The contractual access structure? The brand trust around responsible data use? These questions shape how the company can defend its position, cooperate with partners, scale the solution, and avoid losing control over the value it creates.

When Privacy by Design and IP by Design are treated separately, the company may produce technically impressive but strategically weak outcomes. A product may be privacy compliant, but leave the data value uncontrolled. Or it may be commercially attractive, but privacy fragile. Or it may generate valuable data, but without clear rights for reuse, training, service improvement, cross selling, licensing, or ecosystem participation.

The stronger approach is to design privacy, data access, data quality, and IP protection together. That means mapping data flows before the product is launched. It means clarifying rights before data is collected. It means building consent, contracts, technical controls, and documentation around the actual value logic of the business model. It also means deciding which data should be kept confidential, which insights should be protected, which outputs can be shared, and which parts of the system should become part of a broader IP strategy.

AI raises the stakes

AI makes the topic even more urgent. Many AI applications depend on large, diverse, well structured, and legally usable data sets. The quality of an AI system often depends less on the model alone and more on the data environment around it. That includes training data, validation data, feedback data, user interaction data, domain specific annotations, expert corrections, and operational performance data.

This creates new questions. Can customer data be used to improve a model? Can internal data be combined with external data? Can personal data be anonymized sufficiently for the intended use? Can sensitive information be entered into AI tools? Who controls the outputs? Can AI generated insights be reused across customers? Can model performance become a protected competitive advantage? What happens when data quality problems create legal, technical, or reputational risks?

These are not only AI governance questions. They are data protection, privacy, IP, and business model questions at the same time. Companies that want to use AI responsibly and competitively need to understand not only what the technology can do, but also what the underlying data position allows them to do.

Why this OFB Fireside Chat matters

The upcoming OFB Fireside Chat will address Data Protection and Privacy as a strategic business issue in the digital transformation. The focus will not be on abstract compliance language, but on the questions companies face when data becomes a central source of value. Which data is economically relevant? Which uses are legally and contractually possible? How can privacy, data access, data quality, and IP protection be managed together? What risks arise when a business model depends on data that the company cannot freely use? And how can Privacy by Design and IP by Design be connected in practice?

These questions matter because many companies are already data based without managing themselves as data based organizations. They invest in AI, platforms, connected products, digital services, automation, and new business models. But the underlying data rights, privacy structures, access rules, quality controls, and IP positions often remain fragmented. In such situations, a promising digital product can become difficult to scale. A valuable data asset can become unusable. A service model can depend on permissions that were never properly secured. A strong technical solution can lose strategic value because the company cannot control the data logic behind it.

Data Protection and Privacy gives companies a way to close that gap. It helps them understand which data matters, where it comes from, who may use it, how it is protected, how it can be shared, and how it supports sustainable digital growth. It also creates a bridge between compliance, technology, business model design, and IP strategy. That bridge is becoming more important as corporate value increasingly depends on data assets that are powerful, sensitive, highly connected, and easy to misunderstand.

Further reading and contact

For readers who would like to explore the topic in more depth, the related dIPlex Deep Dive Data Protection and Privacy as a Strategic IP Management Capability for Digital Business Models provides a structured perspective on how data protection and privacy define whether a company can actually use the data on which its product, service, platform, AI application or customer relationship depends:

👉 https://profwurzer.com/diplex/docs/ip-and-the-digital-transformation/data-protection-and-privacy-as-a-strategic-ip-management-capability-for-digital-business-models/

The Deep Dive complements the upcoming OFB Fireside Chat by looking on why data protection and privacy should not be treated only as compliance tasks, but as strategic IP management issues that affect digital products, AI applications, data access, data quality, business model scalability and the company’s ability to control value in digital environments.

For questions regarding the Open Foresight Board or the upcoming OFB Fireside Chat, please contact:

Theo Grünewald
Secretary of the CEIPI IP Business Academy’s Open Foresight Board
theo.gruenewald@ipbaportal.com

More details on the upcoming OFB Fireside Chat will follow soon.