Why Regulators Need to Mandate Open Data Protocols in the Cloud

TechCrunch’s article about Intuit’s decision to shut down Quicken OnLine and not let users migrate their data to the new service Mint.com is an outstanding example of the emerging problem of ‘Data Lock-In’ and an issue which regulators need to get ahead of before its too late.

As the market for ‘Cloud’ services takes off we’re going to witness an explosion of new services whose value proposition is based on managing some aspects of the consumers life on-line. The big buckets already are life-centric services such as health and fitness, personal finances and of course managing you social graph. The expanding roster of new services will be accompanied by an equally large number of failures. That is the natural order of things in new markets. Not all new entrants will find a business model which works or is sustainable over the long term. Regulators need to start thinking about the consumer protection regimes that need to be put in place as this happens.

I was struck by some of the debate surrounding the Intuit issue by the number of folks who think its not a big deal because Quicken On-Line is a ‘Free’ service. That could not be further off the mark. One of the challenges for any new entrant in the crowded market for ‘Cloud’ services will be figuring out how to make their service as ‘Sticky’ as possible. After having invested a great deal to acquire new customers you want to make sure its not easy for them to leave or switch to a competitors service (Ever wonder why its incredibly difficult to dump you mobile provider? It’s called ‘Churn’ and ‘ARPU’)

One way to build ‘Stickiness’ is to ensure that new customers have to invest a significant amount of personal effort to extract the full benefits of the service. In Quicken Online’s case that was the time required to upload banking information and months and months of entering individual financial transactions. Making it easy for customers to export their data from the service would undermine ‘Stickiness’ and therefore increase the likely hood that customers might switch to a competitor’s services. In the highly competitive ‘Cloud’ service market it will be very tempting to find ways to bind users to services by making it difficult for them to take their data and run.

Consumers need to be educated about the dangers of ‘Data Lock-In’ so that they increasingly demand Open Data Access (ODA) from ‘Cloud’ service providers. I think its also about time that government regulators started thinking about mandating ODA for all service providers. These regulations would be a natural extension of existing privacy regulations by enshrining the principle that personal information of any sort belongs to the consumer, not the provider, and the consumer has the right to take that data with them when they leave a service. This would be a direct analog to ‘Number Portability’ requirements in the mobile telephony sector. Service providers would be required to ensure that all consumer owned data can be exported from their service using open standard formats and protocols.

Such a regulatory requirement would protect consumers of the sort of mess now faced by Inuit’s customers. It would also force service providers to focus on broader value proposition of their service rather than relying on ‘Data Lock-In’ as a competitive lever. This focus on ‘Functional’ competition would be a great thing for consumers and the market.