Your two real choices for data interchange are XML and JSON. I have worked with both extensively, and these days JSON is far and away my first choice.
Of the two, it's my opinion that JSON trumps XML on every consideration except one. JSON is leaner and easier to read. It's a better fit for representing data formats because it's purpose built to apply labels to discreet data units. A JSON parser is far simpler to write and takes far less code. I have found the limited set of types that JSON supports to be perfect for data interchange. JSON is not burdened with legacy semantics for allowing document markup.
Furthermore, if your client is using JavaScript, support for JSON is intrinsic.
The only advantage to XML is that there might be more and better tools for working with the data in this format. It has to be said, though, that JSON is simple enough not to require tools, per se.
A third choice might be URL encoded keyword/value pairs, but I think you will quickly find this too limiting.
Just my 200 cents.
See: http://www.json.org/
You may also be interested in my lightweight open-source unencumbered JSON parser.
EDIT: 2010-08-10 00:43
In response to the comment about security of using JS eval, the following excerpt from the JSON website might be of interest:
To convert a JSON text into an object,
you can use the eval() function.
eval() invokes the JavaScript
compiler. Since JSON is a proper
subset of JavaScript, the compiler
will correctly parse the text and
produce an object structure. The text
must be wrapped in parens to avoid
tripping on an ambiguity in
JavaScript's syntax.
var myObject = eval('(' + myJSONtext +
')');
The eval function is very fast.
However, it can compile and execute
any JavaScript program, so there can
be security issues. The use of eval is
indicated when the source is trusted
and competent. It is much safer to use
a JSON parser. In web applications
over XMLHttpRequest, communication is
permitted only to the same origin that
provide that page, so it is trusted.
But it might not be competent. If the
server is not rigorous in its JSON
encoding, or if it does not
scrupulously validate all of its
inputs, then it could deliver invalid
JSON text that could be carrying
dangerous script. The eval function
would execute the script, unleashing
its malice.
To defend against this, a JSON parser
should be used. A JSON parser will
recognize only JSON text, rejecting
all scripts. In browsers that provide
native JSON support, JSON parsers are
also much faster than eval. It is
expected that native JSON support will
be included in the next ECMAScript
standard.