Contextual e-Negotiation for the Handling of Private Data in eCommerce on a Semantic Web Yingxin (Sheila) He Upside Software Inc, Edmonton, Alberta Sheila.He@UpsideSoft.com Dawn N. Jutla Saint Mary’s Univ., Nova Scotia, Canada dawn.jutla@smu.ca Abstract In this paper, we describe data support in an information system to support contextual, online negotiation of privacy contracts for e-commerce on the Semantic Web. Context is important to the user as one user rule about any single private data item may not fit all situations. For privacy negotiation, we introduce a usage concept consisting of a triple of P3P-defined elements (purpose, recipient, retention) upon which both users and businesses can usefully negotiate. Further we propose a negotiation terminology model to support subdivision of complex user rules into sub-preferences and business’ data requests into smaller sub-requests. We also exploit the disjoint data set types in the P3P schema for fast determination of whether negotiation may be useful. We utilize an ontological representation of the P3P data schema in a novel approach to finding relevant substitute data for counteroffers within a negotiation session. A prototype Web system is running. 1. Introduction e-Commerce sites do not provide negotiation mechanisms for creating privacy contracts today. Web users have to accept the data requests from a server in order to get its service; otherwise they cannot get any service at all. As the e-commerce channel matures, business may lose potential customers because compromises are not supported between Web sites and users through broad-range negotiation. In real life, negotiation is a necessary procedure to solve various issues of business before a contract can be finalized. Analogously, online negotiation for data collection purposes, known recipients, and retention periods of personal data may benefit both the Web sites and the Web users. Web sites may grant access to its services to a potentially larger base of users. Web users can decide what information could be released to the server without harming their privacy and thus get the services they desire without feeling compromised. There are many routine privacy negotiation tasks related to frequently occurring privacy concerns that conceivably can be inexpensively delegated to software agents. Online negotiation research has mainly focused on supply chain issues [9, 15, 24, 31] such as, price, quantity, quality, delivery time, and so on. Research on online privacy negotiation is in its infancy, even though the original P3P specification [27] had considered negotiation for inclusion and then excluded it in 1999 because it would have encumbered a then fledgling protocol. Yet the impact of the capability to perform privacy negotiations on business may be significant, as researchers [e.g. 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 19] begin to lay the infrastructure for empowering the users with the means to protect her/his privacy. Already we are seeing prototypes emerging to provide customers with P3P-enabled search engines which filter web sites appearances in hit lists according to customers’ privacy preferences [7]. Additionally, Generation Y, also known as Generation Next, is growing up with the Internet and the pragmatic majority [2, 30] may use P3P agents, such as PrivacyBird [28], as a matter of course. This paper motivates and proposes methods for managing private data to efficiently support contextual e-negotiation of privacy contracts with Web sites. The idea of context is essential as users or customers may have different rules around their data depending on the organization with which they are interacting. For example, a loyal customer of Amazon.com may trustingly provide and allow Amazon to manipulate their data for many purposes, whereas a user may have different preferences around the same data when dealing with UnGreen.com. Moreover, users have different degrees of emotion around various types of data [3]. For instance, financial and health data are highly emotional items while demographics such as postal code information may be less so. Proceedings of the 39th Hawaii International Conference on System Sciences - 2006 1 0-7695-2507-5/06/$20.00 (C) 2006 IEEE