How Advertisers Can Adapt Data Clean Rooms for a Privacy-First World
Solutions Review’s Premium Content Series is a collection of contributed articles written by industry experts in enterprise software categories. In this feature, Opaque Systems‘ VP of Partnerships Mark Ailsworth explains how advertisers can adapt data clean rooms for a privacy-first approach.
Ever since the phase-out of third-party cookies, the AdTech industry has been scrambling. Understanding and using data is crucial to be successful and well informed. It is how the industry identifies users across different websites to generate personalized ads, run frequency capping, and measure campaign performance and attribution, among other things. Yet, with tightening privacy regulations, it is increasingly difficult to harness valuable data without sacrificing privacy.
Many advertisers have turned to data clean rooms as a solution, but recent regulations – even on a state level – signify a breaking point.
In today’s privacy-first world, data clean rooms must evolve to comply with ever-evolving policies and keep the industry on track. Otherwise, organizations run the risk of paying lofty fines for non-compliance and, more importantly, suffering detrimental impacts on their reputation.
Data Clean Rooms for Privacy
Data Clean Rooms are Important but Have Become Limited
Data clean rooms were developed to provide a secure environment where two or more parties could share data for multiple advertising use cases. Traditional data clean rooms have at least some industry-standard security measures in place to maintain the confidentiality of the data assets added to the environment. In AdTech specifically, a publisher or data provider leverages a data clean room to collaborate with a client by combining, comparing or modeling data across two or more datasets.
Not all data clean rooms provide the same levels of protection and privacy – but they are all a first step to enabling personal privacy while personalizing the consumer experience. Traditionally, there are three main categories of clean rooms, and it’s important to understand the nuances of each before implementation. The main categories include:
- “Media-Relevant Clean Rooms” are developed by large publishers and walled garden entities to compare first-party customer data to their specific audiences – think Google, Meta, etc.
- “Data Enhancement Clean Rooms” are developed by Marketing Service Providers to enhance their client’s first-party data for audience-specific and campaign-specific use cases. These use cases include audience insights and segmentation, and multi-touch attribution.
- “Bring-Your-Own-Data Clean Rooms” are suited to solve big data challenges and allow clients to pull in any partner or data source required for their collaboration projects. This is where we see Confidential Computing and privacy-enhanced technology join the conversation with the likes of Snowflake and Databricks.
But the question remains: why are traditional data clean rooms falling short? The short answer is that new privacy regulations limit the efficacy and usability of traditional data clean rooms, and the industry needs to adjust accordingly. New regulations in Connecticut, Utah, and Virginia – with more states following suit – advertisers need to prioritize securing data end to end. With penalties of these state-level regulations being incredibly costly (such as Sephora‘s recent $1.2mm fine), failing to do so could mean businesses come to a halt.
The Way Forward for Data Clean Rooms Combines Hardware & Software
Third parties need to be trusted when using data clean rooms of any type. Even when datasets are encrypted at rest and in transit, they must be decrypted manually to be used, processed, or modeled. This process opens up sensitive or unencrypted data to exposure. As evident by the plethora of data breaches over the years, this practice has diminished customer trust in AdTech organizations. To ensure data clean rooms holistically adhere to privacy regulations, there is a need for a hardware environment where data sets enter totally encrypted and remain that way throughout all data processing. In other words, transitioning from a human process to hardware and software-enabled automation.
This level of complete privacy protection enables multiple parties within and across organizations to share confidential data and perform analytics and AI without violating privacy laws and regulations. For example, if a marketing professional at a Home Improvement Retailer can identify customers who are a few weeks away from moving residences, a tremendous targeting opportunity emerges. By comparing the customer data set to a “new mover” signal dataset in a privacy-safe and completely encrypted process, marketers can hone in on their target audience and take advantage of perfectly timed ad targeting – all without ever having to directly share PII with their 3rd-party data vendor.
With no risk of human error, consumers can shift focus from institutional trust to programmatic trust, and the AdTech industry can remain compliant in a privacy-first world.