A database service provider (DSP) is a provider of an Internet service for maintaining data so that users can access their data any time and anywhere via the Internet. The DSP model involves several challenges, including the issue of data confidentiality. In this paper we propose a Usage Control (UCON) model and architecture that can be enforced to support data confidentiality in the DSP model. Usage Control (UCON) is a unified model of access control that has been recently introduced as next generation access control. The basic idea of our UCON model for DSPs is separation of the control domain in a DSP into two parts: a database provider domain and a database user domain. In the database provider domain, the access control system controls access by users to database services. In the database user domain, the access control system controls access by other users to a user's database. Through this separation, we can define an access control policy for each domain independently.