Among the many Web 2.0 buzzwords, none has quite the cachet of "open." Yet no idea is more profoundly troubling to the companies trying to build profitable Internet businesses.

With open standards, open networks, open source software, and open APIs, companies are trying to figure out how to be open without giving away the store. Speaking last week at the Web 2.0 Summit in San Francisco, Marc Canter, CEO of Broadband Mechanics, summed up the mood: "The challenge we have in the Web 2.0 world is to invent new kinds of lock-in."

Data is the last lock-in. And it may not last long.

Mobile phone companies used to deter customer defections by holding hostage 10 digits of data--if you wanted to change carriers, you left your phone number behind. In November 2003, the FCC put an end to that practice, letting customers shop around with their phone numbers in tow.

Google CEO Eric Schmidt Photo by James Duncan Davidson/O'Reilly Media

For Web companies that try to hold on to customers by keeping their data, a similar fate may await, though not likely at the hands of regulators. None other than Google--which has profited enormously from the data users submit to its services and from the data its users generate through use of its services--is thinking seriously about how to give users more control over their data. Though stopping short of a complete data emancipation proclamation at the Web 2.0 Summit, CEO Eric Schmidt said, "The more we can let people move their data around ... the better off we'll be."

Given AOL's recent blunder of releasing 20 million search queries--data it thought was anonymous but could be tracked to individuals in some cases--many Google users would no doubt jump at the chance to erase information about their searches from Google's servers. A German court last week ruled that people should be able to delete their data from ISPs in most cases, Spiegel Online reports.

There's no sign that the old-school information industry--credit report companies such as Experian and data aggregators such as ChoicePoint--is on board. But Web startups and others are starting to discuss the extent to which their users should have control over data created by or about them.

Options Open
Back in April, Ian Davis, a developer and technical lead of the research group at library software vendor Talis, released a draft of the Talis Community License. Just as the Creative Commons License offers an alternative to conventional copyright protection and the GPL offers an alternative to software licenses, the TCL aims to describe a more flexible, Web-friendly set of database rights than the current legal default.

On his blog, Tim Bray, director of Web technologies at Sun Microsystems, suggests that data portability is a prerequisite for services claiming to be open. "Any online service can call itself 'open' if it makes, and lives up to, this commitment," he wrote in July. "Any data that you give us, we'll let you take away again, without withholding anything, or encoding it in a proprietary format, or claiming any intellectual property rights whatsoever."

At the Web 2.0 Summit, Marc Hedlund, co-founder of a financial information community startup called Wesabe, presented his company's "Data Bill of Rights," which includes the right for users to export or delete their data, as well as the assurance that user data is theirs and private. Wesabe needs to promote that kind of trust. It hopes to create a community of users who pool financial transaction data, such as anonymous credit card purchases, to sell insights it gleans from mining that data, such as the tendency of people to visit certain restaurants once and never return.

Conference panelists pointed to Google Groups as a model of openness for user-generated data, since users can ask to have posts removed from Google's archives.

What's the right mix of open, free, and profitable? Count on companies to struggle with that well into Web 3.0.