The decentralization of modern energy systems is transforming consumers into prosumers who continuously exchange data with aggregators, peers, and market operators. While such data is essential for peer-to-peer trading, demand response, and distributed forecasting, it can reveal sensitive household patterns and introduce privacy risks. Existing data sharing mechanisms rely on fixed policies or predefined differential privacy budgets, limiting their ability to adapt to variations in reliability, data sensitivity, and request purpose. As a result, prosumers rarely receive explanations for why a request is accepted, rejected, or modified, reducing trust and participation. To address these limitations, we propose X-NegoBox, an explainable negotiation framework for adaptive privacy budgeting and transparent decision making. Each prosumer's data is managed locally within a private DataBox, where the raw data remain confined. Incoming requests are processed by an Autonomous Privacy Budget Negotiation Protocol (APBNP), which determines an appropriate privacy budget based on trust, feature sensitivity, declared purpose, historical behavior, and risk-aware pricing. When needed, APBNP generates privacy-preserving counter-offers, such as reduced resolution or duration. An Explainable Agreement Layer (X-Contract) produces human- and machine-readable justifications for each decision. After agreement, requester code executes locally in a sandbox, and only sanitized outputs are shared. Experiments in realistic energy market settings show reduced privacy leakage, higher acceptance rates, and improved interpretability.
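As an added illustration, not the paper's APBNP or X-Contract implementation, the Python below sketches the negotiation loop the abstract describes: a DataBox derives a budget from requester trust, feature sensitivity, declared purpose and the budget already spent, answers with accept, a counter-offer at coarser resolution, or reject, attaches the factors behind the decision, and releases only Laplace-noised aggregates computed inside the box. The feature scores, purpose weights, clipping bound, lifetime budget and the budget formula are all assumptions made for this example.

```python
import math
import random
from dataclasses import dataclass, field
READING_MIN = 15     # the DataBox stores 15-minute smart-meter readings (assumed)
CLIP_KWH = 5.0       # assumed upper bound per reading; the Laplace sensitivity of any sum of readings
FEATURE_SENSITIVITY = {"consumption_kwh": 0.6, "pv_generation_kwh": 0.2}        # assumed risk scores in [0, 1]
PURPOSE_WEIGHT = {"forecasting": 1.0, "demand_response": 0.8, "marketing": 0.3}  # assumed purpose weights

@dataclass
class Request:
    requester: str
    feature: str
    purpose: str
    epsilon: float        # privacy budget the requester asks for
    resolution_min: int   # interval of the values the requester wants released

@dataclass
class DataBox:
    trust: dict                                # requester -> trust score in [0, 1]
    lifetime_budget: float = 2.0               # assumed per-requester epsilon cap across all requests
    spent: dict = field(default_factory=dict)  # epsilon already consumed per requester (history)

    def assess(self, req):
        """Risk-aware budget: more trust, lower feature risk and a stronger purpose allow more epsilon."""
        f = {"trust": self.trust.get(req.requester, 0.0), "feature_risk": FEATURE_SENSITIVITY.get(req.feature, 1.0),
             "purpose_weight": PURPOSE_WEIGHT.get(req.purpose, 0.0),
             "remaining": self.lifetime_budget - self.spent.get(req.requester, 0.0)}
        eps = f["trust"] * f["purpose_weight"] * (1.0 - f["feature_risk"])
        f["granted"] = round(max(0.0, min(f["remaining"], eps)), 3)
        return f

    def negotiate(self, req):
        """Accept, counter-offer or reject; 'why' carries the factors behind the decision for the X-Contract."""
        why = self.assess(req)
        if why["granted"] <= 0.0:
            return {"decision": "reject", "why": why}
        if req.epsilon <= why["granted"]:
            return {"decision": "accept", "epsilon": req.epsilon, "resolution_min": req.resolution_min, "why": why}
        # Counter-offer: grant only the allowed epsilon but coarsen the resolution by the same factor, so the
        # Laplace noise relative to each (larger) aggregate matches what the requested epsilon would have given.
        factor = math.ceil(req.epsilon / why["granted"])
        return {"decision": "counter", "epsilon": why["granted"], "resolution_min": req.resolution_min * factor, "why": why}

    def release(self, req, readings, agreement, rng=random):
        """Run the agreed aggregation inside the DataBox and hand out only noised sums; raw readings never leave."""
        k = agreement["resolution_min"] // READING_MIN          # readings folded into one released value
        scale = CLIP_KWH / agreement["epsilon"]                 # Laplace scale = sensitivity / epsilon
        sums = [sum(min(max(x, 0.0), CLIP_KWH) for x in readings[i:i + k]) for i in range(0, len(readings), k)]
        self.spent[req.requester] = self.spent.get(req.requester, 0.0) + agreement["epsilon"]
        return [s + rng.expovariate(1 / scale) - rng.expovariate(1 / scale) for s in sums]  # Laplace(scale) noise
```

Repeated releases to the same requester drain the lifetime budget, so later requests receive smaller counter-offers and finally a rejection, which is the "historical behavior" input the abstract mentions.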