What are data clean rooms, and how do they work?

Published 6/19/2024 by Ali Talip Pınarbaşı (7 min read)

Summary

Even for a competent marketer, running a successful advertising campaign and optimizing it is a tricky process: Placing ads on multiple digital channels makes it hard to measure how an ad performs, confirm whether it reaches the target audience, and perform attribution. Traditionally, advertisers relied on third-party cookies for many of these tasks.

However, third-party cookies have become less effective in recent years due to various factors. Privacy laws like the EU General Data Protection Regulation (GDPR) imposed consent requirements on the use of third-party cookies, (rightfully) putting a dent in the overexploitation of consumer data.

Additionally, web browsers such as Apple’s Safari and Mozilla's Firefox have disabled third-party cookies by default, and Google is working towards doing the same thing with its Chrome browser next year.

These developments stripped advertisers of valuable insights to improve their ad campaigns.

Looking for alternatives, some are now turning to a more privacy-friendly and secure technology: data clean rooms.

What is a data clean room?

A data clean room can be thought of as a privacy-friendly and secure collaboration environment in which two or more parties pool their first-party data and aggregate it so that they can perform pre-agreed activities such as frequency capping, measurement of ad effectiveness, audience analysis, or attribution.

As a practical example, publishers and advertisers might want to match their respective first-party data to create a collaborative black box to ensure that end users are exposed to better-targeted, more relevant campaign ads.

Let’s look at the key features of a data clean room and how it works with a few real-life examples:

Key features of a data clean room

Data isolation

In a data clean room, a data-sharing party can separate its first-party data from that of others and prevent other participants from viewing or accessing its raw data. Put simply, participants in a data clean room do not have access to each other's plaintext data.

Enhanced privacy techniques

Data clean rooms implement privacy-enhancing technologies such as differential privacy and encryption so that individuals cannot be re-identified from the combined data and a malicious participant cannot misuse the shared sensitive data.

Furthermore, data clean rooms may apply other protection measures, such as limiting the number of queries that can be run on a dataset and imposing restrictions on its use in another data clean room.

Data security

Data clean rooms ensure the security of data pooled into the collaboration environment through various security controls. These controls may include auditing, logging, data rights management controls, and data residency controls. 

Access controls

Data clean rooms also allow a participant to impose strict controls on who can access the shared data and what actions the authorized user can take. The participant can also monitor the users of the data clean room.
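
The features above (no access to other participants' raw data, differentially private aggregate output, a limit on the number of queries, and logging) can be sketched in a few lines of Python. This is an added example, not code from this article or from any clean room vendor; the `CleanRoom` class, the shared salt, the e-mail addresses and the parameter values are constructed for illustration, and matching on salted hashes of e-mail addresses is an assumption.

```python
import hashlib
import random

SALT = b"constructed-shared-salt"  # assumption: both parties agree on this join salt

def pseudonymize(email: str) -> str:
    """Salted SHA-256 of a normalized e-mail: the match key uploaded instead of plaintext."""
    return hashlib.sha256(SALT + email.strip().lower().encode()).hexdigest()

class CleanRoom:
    """Toy clean room: rows stay inside, only noisy aggregates leave, queries are capped."""

    def __init__(self, epsilon: float, max_queries: int, rng=None):
        self._tables = {}              # party -> set of match keys; no method returns it
        self._epsilon = epsilon        # differential privacy parameter per count query
        self._remaining = max_queries  # query limit for the whole collaboration
        self._rng = rng or random.Random()
        self.audit_log = []            # (analyst, query) pairs kept for review

    def upload(self, party: str, match_keys) -> None:
        self._tables[party] = set(match_keys)

    def _laplace(self, scale: float) -> float:
        # The difference of two exponential draws with rate 1/scale is Laplace(0, scale).
        rate = 1.0 / scale
        return self._rng.expovariate(rate) - self._rng.expovariate(rate)

    def overlap_count(self, analyst: str, party_a: str, party_b: str) -> float:
        """Pre-agreed query: how many individuals appear in both datasets."""
        if self._remaining <= 0:
            raise PermissionError("query limit reached")
        self._remaining -= 1
        self.audit_log.append((analyst, f"overlap({party_a},{party_b})"))
        true_count = len(self._tables[party_a] & self._tables[party_b])
        # One individual changes a count by at most 1, so the noise scale is 1/epsilon.
        return true_count + self._laplace(1.0 / self._epsilon)

# Constructed sample data (not from the article).
PUBLISHER = ["ana@example.com", "bo@example.com", "cy@example.com", "di@example.com"]
ADVERTISER = ["Bo@Example.com ", "cy@example.com", "eve@example.com"]

def build_room(rng=None) -> CleanRoom:
    room = CleanRoom(epsilon=0.5, max_queries=2, rng=rng)
    room.upload("publisher", map(pseudonymize, PUBLISHER))
    room.upload("advertiser", map(pseudonymize, ADVERTISER))
    return room

if __name__ == "__main__":
    room = build_room(random.Random(7))
    print(round(room.overlap_count("analyst-1", "publisher", "advertiser"), 2))
```

Salted hashes of e-mail addresses are pseudonymous rather than anonymous, which is why the noise and the query limit are applied to the output as well.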

Examples of data clean rooms

In 2021, NBCUniversal announced the launch of the NBCU Audience Insights Hub. This data clean room would allow NBCUniversal to pool its first-party audience data so that NBC advertisers can merge it with their own first-party data sets without disclosing personally identifiable information.

NBCU Audience Insights Hub offers NBC advertisers certain functionalities they can leverage: 

In this example, the data clean room is unilateral: NBC provides a data clean room into which advertisers can plug. Another example is LiveRamp, which provides solutions for companies that want to safely create their own data clean rooms and assemble their datasets.

Benefits and limitations of data clean rooms

Like most privacy solutions and alternatives to third-party cookies, data clean rooms come with benefits and limitations.

The main benefits of data clean rooms

  • Consumer trust: Consumers are increasingly aware of the privacy-intrusive advertising practices they may be subject to and want to protect their online privacy. Data clean rooms allow advertisers, ad publishers, and brands to earn consumers’ trust by limiting the sharing of user-level customer data between advertisers. 
  • Improved marketing performance: Data clean rooms allow advertisers to carry out frequency capping, perform attribution, build more accurate customer profiles, and improve ad performance. 
  • Control over data: Data clean rooms allow advertisers to maintain control over their first-party data because they can decide how much data they share, who they share it with, who may get access, and on what level the data is disclosed. 
  • Compliance: Data clean rooms provide a safe, compliant way to leverage data using Privacy Enhancing Technologies (PETs).

The key challenges of data clean rooms

  • Data quality: Unlike third-party cookies, data clean rooms do not allow parties to access ID-level advertising data such as names, email addresses, or advertising IDs such as Apple’s IDFA. Instead, they provide other parties with aggregated data, which could lead to lower quality.  
  • Limitations with complex activities: When an advertiser runs an ad on multiple digital channels, attributing a conversion to a specific channel is vital to measuring and optimizing an ad campaign's effectiveness.

    However, multi-touch attribution can only be performed by accessing large amounts of exposure data combined from multiple sources. The amount of data shared in a data clean room will likely be insufficient to carry out such complex activities. 
  • Data cleaning: Since participants in a data clean room cannot access each other's plaintext data, data cleaning and normalization may be time-consuming.
  • Legal risks: Using a data clean room inevitably requires disclosing personal data to third parties such as other advertisers, ad publishers, and businesses that may re-identify the individuals. Uploading data might also expose personal data to the risk of data leakage and privacy violations.

How do you get started with data clean rooms?

You can rely on a third-party solution even if you do not own a proprietary data clean room. Choosing a data clean room solution is a complex task, and various criteria must be considered to make the best choice. 

Here is a list of factors you should keep in mind when choosing a data clean room platform:

  • Privacy: You need to ensure that the data clean room provider implements the appropriate privacy controls to eliminate security and privacy risks to your data. For instance, you must check if the service provider implements privacy-enhancing techniques such as homomorphic encryption, encryption at rest and in transit, and differential privacy.

    Furthermore, you should also confirm if the service provider implements mechanisms such as limiting the number of queries that can be run on the dataset to prevent re-identification of individuals.
  • Speed: You need to test and confirm how fast you can set up the data clean room and how long it would take to upload your data, merge it with other datasets, and then glean valuable insights in a data clean room environment.
  • Scalability: You must determine how many datasets a specific data clean room can support and how much computing power is provided. 

Where does Didomi fit into all of this? Simply put, consent remains the cornerstone and main legal basis for data collection for several regulations, including the GDPR. As a result, a Consent Management Platform (CMP) remains needed to ensure compliance. 

For example, in the case of a data clean room implemented between advertisers and publishers, users would need to grant their consent when entering the publisher’s website, not only for the publisher but also for the advertisers involved. This is where things can get quite complicated.

At Didomi, we’re used to working with privacy and data protocols, including the Transparency and Consent Framework (TCF), Google Consent Mode, and Global Privacy Control (GPC). To learn more about data clean rooms and how Didomi can help you get started, get in touch with one of our experts.

Data clean rooms: Frequently asked questions

What is a data clean room?

A data clean room is a privacy-friendly and secure environment where two or more parties can combine and analyze their data without exposing personally identifiable information. It enables activities like frequency capping, ad effectiveness measurement, and audience analysis.

How do data clean rooms work?

Data clean rooms allow parties to upload their data to a secure environment where it is combined and analyzed using privacy-enhancing technologies. Participants can perform agreed-upon activities without accessing each other’s raw data.

Why are data clean rooms considered privacy-friendly?

Unlike third-party cookies that track user-level data, data clean rooms use aggregated data and privacy-enhancing techniques to prevent re-identification and misuse of personal information.

What are some other alternatives to third-party cookies?

To learn more about the deprecation of third-party cookies and discover some of the alternatives you can explore, head to our article on the third-party cookies phaseout in Chrome.