
Private Preferences, Public Rankings: A Privacy-Preserving Framework for Marketplace Recommendations

In multi-seller online marketplaces, centrally aggregating user interaction data to drive personalized recommendations often leads to cross-seller privacy leakage, which results in the potential reconstruction of sensitive preferences and unintended disclosure of sellers’ strategic signals. Privacy-preserving mechanisms that rely only on public, shareable signals can enable personalization in these settings by augmenting local marketplace feedback with seller-side information, as instantiated in this study.

Marketplace recommenders operate in an environment where multiple independent sellers coexist under a common platform interface. From a recommendation point of view, the platform would like to learn users’ tastes across the catalog to rank items effectively; from a privacy and governance point of view, sellers and users have strong reasons to keep fine-grained interaction data siloed. This tension becomes more important when the same user can interact with multiple sellers, because merging those traces enables inferences that neither seller (nor the marketplace) should be able to make in isolation.

Even if interactions are “anonymized,” cross-seller behavioral signals can remain linkable and can support profile reconstruction or correlation attacks, especially when the marketplace sees patterns spanning different sellers. At the same time, falling back to non-personalized or weakly personalized ranking can degrade user experience and reduce the marketplace’s ability to surface relevant items, particularly in sparse or cold-start conditions.

In a study conducted in cooperation with Guilherme Ramos and Mirko Marras and published in the Proceedings of ACM SIGIR 2025, we introduce a privacy-preserving framework that integrates public seller rankings into marketplace personalization while keeping user–seller interactions private.

The work targets a specific gap: multi-seller marketplaces need mechanisms that are practical under realistic data-sharing constraints. Instead of assuming continuous cross-party coordination or access to interaction logs, the framework asks what can be achieved when sellers contribute only what they already expose publicly (aggregated item rankings), and the marketplace uses only its own local feedback.

High-level overview

The core idea is to treat public seller rankings as a usable learning signal for personalization without importing any seller-side interaction data. Conceptually, we do this by turning each seller’s public ranking into a “proxy preference profile” that can be ingested by standard recommender models alongside marketplace-local user ratings.

This reframes the marketplace’s learning problem. Rather than learning solely from sparse local interactions, the marketplace learns from a hybrid signal: (i) direct marketplace user feedback and (ii) seller-provided public ordering information that expresses how each seller evaluates or orders its own items. The resulting system aims to preserve cross-seller privacy while still extracting value from the information sellers can safely publish.

Our approach

Sellers keep their private user–item data on their side, while the marketplace receives only public rankings and uses them to enrich its recommendation process.

Public-signal boundary as a design constraint

The first mechanism is an explicit boundary between private and public information. We assume sellers hold detailed user–item interactions that must not be shared, while sellers can expose aggregated, non-personalized item rankings that are already public-facing. This boundary is important because it rules out a broad class of “just share less” solutions that still require transferring interaction traces (even if sanitized) and therefore still risk cross-seller linkage.

By making public rankings the only seller-to-marketplace input, we place the privacy requirement directly into the system interface: the marketplace is structurally unable to access, combine, or correlate seller-side user histories.

Seller representative users as an abstraction layer

The second mechanism is a key abstraction: we map each seller’s public ranking into a synthetic user profile, termed a seller representative user. The conceptual move is to translate “this seller ranks its items in this way” into a format that collaborative recommenders can naturally consume: a set of preferences over items.

This matters because it avoids building a specialized model that reasons over heterogeneous signals (ratings plus rankings) from scratch. Instead, we create a bridge representation that allows existing recommenders to treat seller rankings as an additional source of preference evidence. The assumption is that public rankings encode stable seller-level signals about item quality, desirability, or aggregate satisfaction, even if they are not personalized to any individual marketplace user.

Learning from an augmented interaction space

The third mechanism is to learn recommendations on an augmented dataset that merges marketplace users’ ratings with the seller representative users’ synthetic preferences. Conceptually, this changes what the model can infer. Without augmentation, the marketplace is constrained by its local data sparsity and may struggle when user coverage is limited. With augmentation, the model can align users’ local preferences with seller-level signals, effectively providing an additional scaffold for estimating relevance among items that the marketplace has limited direct feedback on.

This does not eliminate the personalization problem (seller rankings are non-personalized by construction) but it can reduce uncertainty in the learned item space and help the recommender produce more stable predictions when marketplace-only evidence is weak.
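The following sketch is an added example, not code from the study. It shows the three mechanisms together: a submission check that enforces the public-signal boundary, the conversion of a public ranking into a seller representative user, and the merge into an augmented rating set. The field names, the `seller_rep::` identifier prefix, and the linear rank-to-rating mapping are assumptions made for illustration; the post does not specify how ranks become preference values.

```python
from typing import List, Tuple

Rating = Tuple[str, str, float]  # (user_id, item_id, rating)
ALLOWED_FIELDS = {"seller_id", "ranking"}  # hypothetical submission schema


def validate_submission(sub: dict) -> None:
    """Public-signal boundary: only a seller id and an ordered item list pass."""
    extra = set(sub) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"non-public fields rejected: {sorted(extra)}")
    if not isinstance(sub.get("seller_id"), str):
        raise ValueError("seller_id must be a string")
    ranking = sub.get("ranking")
    if not isinstance(ranking, list) or not ranking:
        raise ValueError("ranking must be a non-empty list of item ids")
    if not all(isinstance(i, str) for i in ranking):
        raise ValueError("ranking entries must be plain item ids")
    if len(set(ranking)) != len(ranking):
        raise ValueError("duplicate item in ranking")


def representative_user(sub: dict, lo: float = 1.0, hi: float = 5.0) -> List[Rating]:
    """Map one public ranking to a synthetic profile.
    Assumed mapping: top item gets `hi`, last gets `lo`, linear in between."""
    validate_submission(sub)
    ranking = sub["ranking"]
    uid = f"seller_rep::{sub['seller_id']}"
    if len(ranking) == 1:
        return [(uid, ranking[0], hi)]
    step = (hi - lo) / (len(ranking) - 1)
    return [(uid, item, round(hi - pos * step, 3)) for pos, item in enumerate(ranking)]


def augment(marketplace: List[Rating], submissions: List[dict]) -> List[Rating]:
    """Marketplace-local ratings plus one synthetic profile per seller."""
    out = list(marketplace)
    for sub in submissions:
        out.extend(representative_user(sub))
    return out


# Constructed sample data (not from the study's datasets)
MARKETPLACE = [("u1", "i1", 4.0), ("u2", "i3", 2.0)]
SUBMISSIONS = [
    {"seller_id": "s1", "ranking": ["i1", "i2", "i3"]},
    {"seller_id": "s2", "ranking": ["i4", "i3"]},
]
AUGMENTED = augment(MARKETPLACE, SUBMISSIONS)
```

The augmented list can be passed to any rating-based recommender unchanged. A submission carrying an extra key such as a list of user ids is rejected before it reaches the training data.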

Privacy properties tied to what is not represented

A final aspect of “how it works” is that privacy protection follows from missing representational capacity. The marketplace never receives seller-side user identifiers, item-level interaction logs, or per-user preference vectors from sellers. Consequently, it cannot reconstruct a user’s cross-seller profile because it lacks the raw material needed to connect a marketplace user to any seller-side behavioral trace. The only shared artifact is a seller’s aggregated ranking signal, which is intentionally detached from individual user behavior.

This approach also implicitly protects seller business intelligence beyond user privacy: since sellers do not share their fine-grained interaction data, the marketplace gains limited visibility into seller-specific demand patterns, relying instead on a coarse public ordering.

Findings and insights

The evaluation uses real-world rating datasets to simulate a marketplace where interactions are distributed across multiple sellers and the marketplace itself. Within this simulated multi-seller setup, augmenting marketplace data with seller representative users tends to reduce prediction error relative to a marketplace-only baseline across a broad range of configurations and recommender choices.

Several qualitative insights emerge.

First, the approach is most helpful when the marketplace faces stronger sparsity pressures, precisely the regime where relying only on local data makes personalization brittle. Public rankings act as a stabilizing signal that can partially compensate for limited marketplace feedback, improving the model’s ability to estimate relevance even when user coverage is uneven.

Second, the benefit tends to become more evident as the marketplace is embedded in a richer seller ecosystem. When more sellers contribute public ranking information, the augmented signal becomes more informative about item structure and relative item standing, and the recommender has more consistent guidance beyond what is observed locally at the marketplace.

Third, the results suggest that the framework’s value is not tied to a single recommender family. Because the method operates as an interface-level augmentation rather than a tightly coupled model redesign, it can work with different recommendation backbones, reinforcing the view that the key contribution is the privacy-compatible signal integration rather than a specific predictor.

At the same time, the study highlights an important conceptual limitation: public rankings are a coarse summary. They may not reflect nuanced user tastes, and they can only guide personalization indirectly through the model’s learned associations. This makes ranking quality and seller behavior central to real deployments.

Conclusions

This work contributes a practical way to reconcile personalization with cross-seller privacy constraints in marketplaces by converting public seller rankings into a learnable signal that standard recommenders can use. The central lesson is that meaningful recommendation improvements can be obtained without importing private seller-side interactions, provided the system is designed around a strict public-signal interface and an appropriate abstraction layer.

Several research directions follow naturally from this framing. One is to strengthen trust in the public ranking signal: if a marketplace is to rely on seller-provided rankings, we need mechanisms to assess their integrity without reintroducing privacy-invasive data sharing. Another is to extend beyond static signals by studying how public rankings and marketplace preferences evolve over time, and how to adapt the augmentation so that it remains reliable under temporal drift. Finally, the marketplace setting invites strategic considerations: understanding how robust this public-signal approach is under manipulation attempts (and how to detect or mitigate them while preserving the same privacy boundary) would move the framework closer to operational readiness in adversarial environments.