Differentiating Characteristics The SaaS sector includes a wide range of different types of services. This paper does not attempt to describe the full range of SaaS offerings, but instead highlights key differenti- ating characteristics that may change the human rights risk profile of a particular service or its provider. Typically, when assessing the downstream impacts of a company’s products and services, we 21 focus on the end-user and the use case. The most important considerations in evaluating the potential human rights impact of SaaS services are (1) who uses the service, and (2) how it is used. In addition to these two external factors, the inherent characteristics of SaaS services’ func- tionality and deployment may surface different human rights issues and provide different degrees of leverage to address them. We have identified eight characteristics, but the list can be expanded. Functionality Deployment 1 Open vs. closed platform 5 Cloud vs. on-premises 2 Volume and sensitivity of 6 Sales model data processed 7 Level of customizability 3 Level of automation involved 8 Level of substitutability 4 Level of interoperability Each of these characteristics represents a spectrum. The risk profile of a SaaS service changes based on where it falls on these spectrums. This section provides a brief description of each characteristic. 1 Open versus closed platform: SaaS services fall on the spectrum of open to closed platforms depending on whether content sharing is core to the service or not. The degree to which a SaaS service is open to user-generated content may surface different risks. 2 Volume and sensitivity of data processed: SaaS services rely on data input on varying levels. The degree to which a service processes sensitive personal data may surface different kinds of human rights impacts. 16 Human Rights Assessment of the Software-as-a-Service Sector
Human Rights Assessment of the Software-as-a-Service Sector Page 16 Page 18