Data watermarking for sequential recommendation systems remains underexplored, particularly regarding effective modeling of sequence structure and simultaneous support for copyright verification and user privacy. Method: This paper proposes a dual-granularity (dataset-level and user-level) copyright protection framework. To address the limitation of existing methods in capturing sequential dependencies, we introduce the first receptive-field (RF)-aware watermark embedding mechanism: it employs continuous item encoding derived from interaction sequences and strategically inserts watermarks within the model’s critical RF—ensuring fine-grained control, minimal recommendation performance degradation, and high robustness against attacks. The method is model-agnostic and requires no architectural modifications to mainstream sequential recommenders. Contribution/Results: Extensive experiments across five models and three benchmark datasets show watermark detection accuracy >98% and <0.5% degradation in Recall@20—significantly outperforming baselines. To our knowledge, this is the first watermarking framework for sequential recommendation that jointly enables verifiable copyright attribution and individual privacy preservation.

In the era of large foundation models, data has become a crucial component in building high-performance AI systems. As the demand for high-quality and large-scale data continues to rise, data copyright protection is attracting increasing attention. In this work, we explore the problem of data watermarking for sequential recommender systems, where a watermark is embedded into the target dataset and can be detected in models trained on that dataset. We focus on two settings: dataset watermarking, which protects the ownership of the entire dataset, and user watermarking, which safeguards the data of individual users. We present a method named Dataset Watermarking for Recommender Systems (DWRS) to address them. We define the watermark as a sequence of consecutive items inserted into normal users' interaction sequences. We define a Receptive Field (RF) to guide the inserting process to facilitate the memorization of the watermark. Extensive experiments on five representative sequential recommendation models and three benchmark datasets demonstrate the effectiveness of DWRS in protecting data copyright while preserving model utility.