Implementing Privacy Negotiations in E-Commerce

  • Sören Preibusch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3841)


This paper examines how service providers may resolve the trade-off between their personalization efforts and users’ individual privacy concerns. We analyze how negotiation techniques can lead to efficient contracts and how they can be integrated into existing technologies to overcome the shortcomings of static privacy policies. The analysis includes the identification of relevant and negotiable privacy dimensions for different usage domains. Negotiations in multi-channel retailing are examined as a detailed example. Based on a formalization of the user’s privacy revelation problem, we model the negotiation process as a Bayesian game where the service provider faces different types of users. Finally an extension to P3P is proposed that allows a simple expression and implementation of negotiation processes. Support for this extension has been integrated in the Mozilla browser.


Service Provider Privacy Policy Negotiation Process User Agent Online Retailing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in E-commerce: Examining User Sce-narios and Privacy Preferences. In: First ACM Conference on Electronic Commerce, Denver, CO, pp. 1–8 (1999)Google Scholar
  2. 2.
    Cooperstein, D., Delhagen, K., Aber, A., Levin, K.: Making Net Shoppers Loyal, Forrester Research, Cambridge (1999)Google Scholar
  3. 3.
    Cranor, L.F., Resnick, P.: Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputation. Netnomics 2(1), 1–23 (2000)CrossRefGoogle Scholar
  4. 4.
    El-Khatib, K.: A Privacy Negotiation Protocol for Web Services. In: Proceedings of the Inter-national Workshop on Collaboration Agents: Autonomous Agents for Collaborative Envi-ronments (COLA) (2003)Google Scholar
  5. 5.
    European Parliament, Council of the European Union: Directive 2002/58/EC on privacy and electronic communications. Official Journal of the European Communities L 201, 37–47 (2002)Google Scholar
  6. 6.
    European Parliament, Council of the European Union: Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000. Official Journal of the European Communities L 8, 1–22 (2002)Google Scholar
  7. 7.
    International Business Machines Corporation: Enterprise Privacy Authorization Language (EPAL 1.2), W3C Member Submission November 10 (2003)Google Scholar
  8. 8.
    Karrass, C.L.: Give and Take: The Complete Guide to Negotiating Strategies and Tactics. HarperCollins Publishers, New York (1993)Google Scholar
  9. 9.
    Kurashima, A., Uematsu, A., Ishii, K., Yoshikawa, M., Matsuda, J.: Mobile Location Ser-vices Platform with Policy-Based Privacy Control (2003)Google Scholar
  10. 10.
    Peppers, D., Rogers, M., Dorf, B.: The One to One Fieldbook. Currency Doubleday, New York (1999)Google Scholar
  11. 11.
    Personalization Consortium: Personalization & Privacy Survey (2000)Google Scholar
  12. 12.
    Rebstock, M., Thun, P., Tafreschi, O.A.: Supporting Interactive Multi-Attribute Electronic Negotiations with ebXML. Group Decision and Negotiation 12, 269–286 (2003)CrossRefGoogle Scholar
  13. 13.
    Schafer, J.B., Konstan, J., Riedl, J.: Recommender Systems in E-Commerce (1999)Google Scholar
  14. 14.
    Schafer, J.B., Konstan, J., Riedl, J.: Electronic Commerce Recommender Applications. Journal of Data Mining and Knowledge Discovery 5, 115–152 (2000t)Google Scholar
  15. 15.
    Spiekermann, S.: Online Information Search with Electronic Agents: Drivers, Impedi-ments, and Privacy Issues (2001)Google Scholar
  16. 16.
    Ståhl, I.: Bargaining Theory. Stockholm: The Economics Research Institute (1972)Google Scholar
  17. 17.
    Thompson, L.L.: The Mind and Heart of the Negotiator, 3rd edn. Pearson Prentice Hall, Upper Saddle River (2005)Google Scholar
  18. 18.
    W3C, A P3P Preference Exchange Language 1.0 (APPEL1.0), W3C Working Draft April 15 (2002),
  19. 19.
    W3C, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation April 16 (2002),
  20. 20.
    W3C, The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C Working Draft January 4 (2005),
  21. 21.
    Yee, G., Korba, L.: Feature Interactions in Policy-Driven Privacy Management. In: Proceedings from the Seventh International Workshop on Feature Interactions in Telecommunications and Software Systems (FIW 2003) (2003)Google Scholar
  22. 22.
    Yee, G., Korba, L.: The Negotiation of Privacy Policies in Distance Education. In: Proceedings 4th International IRMA Conference (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sören Preibusch
    • 1
  1. 1.German Institute for Economic ResearchBerlinGermany

Personalised recommendations