As described herein, a system, method, and computer program are provided for synthesizing user transactional data for de-identifying sensitive information. In use, transactional data of a plurality of users is identified. Additionally, the plurality of users are clustered based on the transactional data, to form groups of users having transactional data representing similar transactional behavior. Further, synthesized transactional data is generated for the users in each group by: identifying a subset of the transactional data that corresponds to the users in each group, shuffling the transactional data in the subset across the users in each group, and perturbing portions of the shuffled transactional data.

Disclosed herein are system, method, and computer program product embodiments for pooling requirements, such as placing of multiple purchase orders, while preserving the privacy of the requirements provided by requesters placing the orders. The approach involves receiving first encrypted information comprising a first request from a first client and second encrypted information comprising a second request from a second client. An encrypted intersection result of the first request and the second request can then be calculated using the first encrypted information and the second encrypted information, in their encrypted form without the need to decrypt either.

Methods and systems for subscription to retail browsing sessions. While two users are independently browsing the same merchant's store in parallel, the system may enable sharing or cross-sharing of commerce event data from a first user's browsing session to be injected into the other user's browsing session, so that the other user may follow along with the first user's browsing activity. The sharing may be dependent upon the first user enabling a live browse event and the other user subscribing to it. The sharing may be dependent upon subscribers having an active browsing session in the same merchant store as the first user's browsing session. To the extent that a subscribing user navigates to a different merchant or store, the sharing of commerce event data may be stopped or reduced to reflect the fact that the two users are no longer browsing the same merchant location in parallel.

A system is provided for controlling privacy in an exchange of an asset. The system receives an offer query of an offeror that includes an offeror reveal condition, an asset identifier of the asset, and offeror terms of exchange. The system accesses an offeree reveal condition and offeree terms of exchange for the asset. The system determines whether the offeror reveal condition and the offeree reveal condition are satisfied and determines whether the offeror terms of exchange and the offeree terms of exchange are satisfied. When the offeror reveal condition, the offeree reveal condition, the offeror terms of exchange, and the offeree terms of exchange are satisfied, the system reveals the offeror to the offeree and the offeree to the offeror.

Systems and methods for use in a secure personal data marketplace are disclosed. In accordance with one method, a request for processed user data from a requesting party is received at an electronic marketplace. The request for the processed user data is published from the electronic marketplace to a plurality of responding agents. The plurality of responding agents determine whether one or more of the users will be a user participant. The responding agents send the user information for the user participants to the electronic marketplace, where the user information is processed in a trusted environment to generate the processed user data requested by the requesting party. The processed user data is sent from the electronic marketplace to the requesting party, and the user information and processed user data is deleted from the electronic marketplace once the processed user data has been sent to the requesting party.

A system and method are described that facilitate bilateral private interaction between participants who wish to initiate personal or business arrangements anonymously or without exposure except to identified trusted parties and the system and method act as an intermediary allowing the participants, typically buyers and sellers, to be matched based upon requests for and offers of goods and services, without revealing the identity or other identifying information about either the items or the participants until the participants choose to reveal that information.

Systems and methods are described for anonymizing personal information of consumers in a manner that protects against de-anonymization by a third party. In an embodiment, a system includes a data anonymizing subsystem and a payment transaction subsystem. A data preparation engine of the data anonymizing subsystem receives, from the payment transaction subsystem, consumer transaction data comprising personal information of a plurality of consumers and item identifiers, prepares the consumer transaction data and transmits the prepared consumer transaction data to an anonymization engine which receives and anonymizes the prepared consumer transaction data. In particular, the anonymization engine groups consumers associated with the prepared consumer transaction data into a plurality of consumer groups, quantifies a similarity between the plurality of consumer groups, combines the plurality of consumer groups, and discards all the consumer groups that contain less than a threshold number of consumers. A reporting engine then transmits the anonymized consumer transaction data to a third party device for consumer transaction analysis.

A computer-implemented method of providing one or more selected tracking tags to a domain owner server for deployment on a website is described. The one or more tracking tags are selected from a set of available tracking tags and the method comprises: storing the set of available tracking tags, each available tracking tag including a purpose parameter describing a use to which data collected by the available tracking tag will be put; storing a plurality of user identifiers and a plurality of sets of tag-selection parameters, each user identifier identifying a website user and having an associated set of tag-selection parameters which identity a specific tracking tag and indicate whether a user consent has been obtained for a specific purpose of the specific tag; receiving, from the domain owner server, a request for deployment of one or more tracking tags on the website, the request including a received user identifier identifying a user accessing the website; for a user identifier corresponding to the received user identifier, comparing the tag-parameters for each specific tracking tag to the purpose parameter of each corresponding available tracking tag; selecting available tracking tags where the purpose parameter of the available tracking tag corresponds to a specific purpose which has an indication of user consent in the corresponding tag-selection parameters; and transmitting the selected available tracking tags to the domain owner server for deployment on the website.

A secure communication method for ordering a product or a service by way of a communication terminal is described. The method is performed by the terminal and includes sending, to a server, a request containing information relating to a product or to a service, establishing, in the background, a communication to N supplier terminals (N≥1) identified by the server as being able to supply the product or the service, based on all or some of the information in the request, the communication being established while masking the communication identifier of the terminal and of the N terminals, and, in the course of the communication, receiving, from at least one supplier terminal out of at least K supplier terminals, such that 1≤K≤N, an offer for a product or for a service corresponding to the information, the offer having been generated during the communication.

A user-initiated request from a user device of a user is detected. The user-initiated request is directed to a product provider, the user-initiated request includes one or more parameters. an anonymized request is created based on the one or more parameters. The anonymized request is sent to the product provider. A provider response is received from the product provider. A targeted response is generated based on the one or more parameters of the user-initiated request and based on the provider response. The targeted response is transmitted to the user device of the user.