This paper focuses on the protection of user privacy in business-to-consumer (B2C) settings. In the first part of the paper
we discuss today’s commercially driven customer relationship management (CRM) practices and report on the results of an interview
study we conducted with nine significant Internet industry players. We analyse their current practices and expectations on
service and product differentiation, price discrimination, as well as data and advertisement sales. We discuss these data
usage practices critically from a user as well as privacy rights perspective. In the second part of the paper we then use
those insights and propose a combination of currently researched privacy technologies into one overall approach which we call
“the user model”. Here, we report on how a compromise could be achieved between industry’s desires for one-to-one marketing
and people’s wish to maintain control over their privacy while profiting from personalization. We discuss the role of client-side
profiling, identity management, and privacy metadata and propose development principles for a user-friendly interface solution.