Among the many buzzwords associated with the Web 2.0 hype, none has quite the cachet as "open." Yet no idea is more profoundly troubling to the companies trying to build profitable Internet businesses.

"The challenge we have in the Web 2.0 world is to invent new kinds of lock-in," said Marc Canter, CEO of Broadband Mechanics, speaking at a session of the Web 2.0 Summit on Tuesday.

With open networks, open source software, and open APIs, control of the operating system no longer confers the lock-in power it once did. Microsoft and Apple are still very much in business, but as the network replaces the desktop, companies are trying to figure out how to be open without giving away the store.

Data is the last lock-in. And it may not last long.

Mobile phone companies used to deter customer defections by holding their data hostage—if you wanted to change carriers, you had to change your phone number. But in November 2003, the FCC put an end to this practice and let customers flee with their phone numbers in tow.

For Web companies that aim to keep customers by keeping their data, a similar fate may await, though not at the hands of regulators. None other than Google—which has profited enormously from the data users submit to its services and from the data its users generate through use of its services—is thinking seriously about how to give users more control over their data. "The more we can let people move their data around ... the better off we'll be," says Google CEO Eric Schmidt.

There's no sign yet the traditional information industry, represented by the likes of Experian and ChoicePoint, wants any part of this. But among ambitious Web startups, the extent to which users should have control over data created by or about them represents a very real discussion that has been going on for some time.

The Talis Community License aims to describe a more flexible, Web-friendly set of database rights than the current legal default, just as the Creative Commons License offers an alternative to traditional copyright protection and the GPL offers an alternative to restrictive software licenses. Talis is the brainchild of Ian Davis, a developer and technical lead of the research group at library software vendor Talis; he released a draft of the license in April.

Data portability is a prerequisite for services claiming to be open, says Tim Bray, director of Web technologies at Sun Microsystems. On his blog, Bray writes, "I think any online service can call itself 'Open' if it makes, and lives up to, this commitment: Any data that you give us, we'll let you take away again, without withholding anything, or encoding it in a proprietary format, or claiming any intellectual-property rights whatsoever."

At the Web 2.0 Summit on Tuesday, several panelists explored the issue. Among them, Marc Hedlund, co-founder of a financial information community startup called Wesabe, presented his company's "Data Bill of Rights," which includes the right to export or delete your data, as well as the assurance that your data is yours and private.

Wesabe hopes to create a community of users who pool financial transaction data, such as anonymized credit card purchases, in order to provide datamining insights—inconsistent pricing or the tendency of users to visit certain restaurants once and never again, for instance—to its user community.

The panelists pointed to Google Groups as an example of a service that offers an appropriate level of openness in terms of user-generated data. Google Groups users can ask to have their posts removed from Google's archive of posts.

The ultimate way to set data free, however, may require fees. Users of Amazon's S3 online storage service, for example, don't need to worry about lock-in. They can write and delete data at will, as if interacting with any old hard drive. It's a different relationship from the mutually agreed exploitation that occurs at sites that offer free access to an online community and services in exchange for user-contributed or user-generated data that has the potential to make money.