Who owns supply chain visibility data?

Who owns supply chain visibility data? Does the manufacturer of a product retain any rights to track that product after it enters the supply chain? What if the product is a pharmaceutical and it is found to have a life-threatening defect? Should technology or standards availability play any role in answering these questions?

These kinds of questions come up occasionally in discussions of track and trace systems design when people talk about the future of “full supply chain visibility” and how easy recalls will be executed because of it. The implication is that the manufacturer of a drug will be able to perform a targeted recall because they will be able to see exactly where their product is in the supply chain.

But one could easily make the argument that it is no longer “their product” once it enters the supply chain. True, they invented, manufactured and labeled it, and in a recall situation we all have a strong desire for them to get it back quickly and efficiently, but that doesn’t change the simple fact that they don’t own it anymore. And if they don’t own the product anymore then they don’t automatically own the knowledge of where it is either.

I’m not a lawyer but it seems to me that once a product is sold the seller gives up all rights to that product. The buyer can do whatever they want to with it, within the law of course. Recalls that are necessary for reasons that might be life-threatening are special and supply chain members should do everything they can to find and return any item that is involved in a recall. But is it necessary for the manufacturer to have instant access to the location of all of the affected product?

Serialization and track and trace will allow all supply chain participants to know a lot more than they do today about the location of recalled items just using the data that they clearly own. Compared with today, an individual company will know very quickly if they have ever received, shipped or currently have in stock the recalled units. If they currently have them in stock they will be able to place an immediate hold on those items to prevent them from being shipped to a customer until they have been collected and returned. If they have previously shipped the items to a customer they will know exactly which customers were involved and which unit went where. But that’s it. The knowledge of what their customers might have done with those products once they receive them is not owned by the seller.


I think it’s clear that each company owns the data that they create. Would anyone dispute that? But some of that data is shared with trading partners in the normal course of the selling and buying process. In that case, one could argue that both the buyer and the seller subsequently own that data. For example, the fact that pharmacy X bought drug Y from wholesaler Z is data that is known through direct experience by both X and Z. Did either company “create” that data? It seems to me that both X and Z can rightfully claim to own this data. Unless somehow bound by a contract, either one might choose to sell that data or give it away for free without consulting or negotiating with each other.

If data such as the one in my example above has value then it can be treated as any other asset that can be packaged, priced and sold. Today, supply chain data similar to this is collected, aggregated, priced and sold under terms that are determined by contracts.


But what about tomorrow? Things might get interesting when the sales transaction in my example above includes item-level serial numbers. The data available for that transaction would now include serialized references to the prior history of each item. Would that add any value to the original, non-serialized data? Depending on the needs of the data buyer, I think it might.

Now, I’m not predicting that data needed to properly execute a recall would ever be held for ransom. All I’m saying is that the supply chain visibility data that will come from serialization and track and trace technologies might have more value than the current data that is a source of revenue for some companies. This information is like any other intangible company asset. For this reason we should acknowledge that data ownership must be recognized and retained in the track and trace systems that we design for the future or those systems are unlikely to be adopted widely.

What does this mean for the ability to execute recalls efficiently in the future? I’m confident that supply chain visibility for recalls can be achieved without having to give data away at a financial loss, but it will require very selective visibility–some might call it selective blindness. With serialization and a well-designed supply chain track and trace system, recalls will execute very fast and efficiently without the need for end-to-end supply chain visibility by any single party.

GS1 has spent the last two years collecting end-user requirements for their next crown jewel standard, Discovery Services. Discovery Services, as envisioned by GS1, will be the cloud computing service that supply chain companies will go to initially to get more information about a serial number in their possession. I was a member of the requirements work group early on but I was unable to stay involved so I lost track of exactly where their efforts ended up. Having missed out on the development of these requirements I’m hoping that they strongly support the concept of data ownership. If that’s not in the completed requirements then the future standard may not be very attractive to some supply chains.

I understand that the GS1 Discovery Services standards-making work group is just about to kick off its work. If you have an interest in track and trace and/or data ownership, I suggest that you join. I’m going to.

Have a Happy New Year!

One thought on “Who owns supply chain visibility data?”

  1. For those of you who find this topic interesting, you should check out the Linked-In group "Data Ownership in the Cloud" at:


    It is moderated by Steve Holcombe, CEO of Pardalis Inc.

    The focus of the group is just as it sounds from the name. When any supply chain considers using GS1's Discovery Services (after the standard is complete, of course) data ownership and its related topics (access control, security, performance, …) must be well understood by the participants. Everyone who considers crossing that threshold must do so with eyes wide open. I believe this group could become the best source for information about the implications.

    I started a discussion topic in that group using this blog post as the kickoff point and there are already several interesting comments from others. Check it out by joining.


Comments are closed.