Business goals and competition are pushing advertisers, publishers and retailers to get creative with user outreach and engagement. Personal data collection and user tracking are paramount to these efforts, but doing so with regulatory compliance and user trust is proving more difficult as time goes on.
Challenges include the anticipated deprecation of third-party cookies, use of Apple’s App Tracking Transparency framework and increased regulation of targeted advertising in the EU and at the state level in the U.S.
Participating in data clean rooms is a developing trend for companies looking to combat these hurdles. These partnerships allow companies to merge or match first-party data sets to create fresh data analytics segments, while withholding personally identifiable information from involved parties.
Popular and frequently-used clean room providers currently include Amazon, Disney, Google, Habu, LiveRamp and Snowflake.
Snowflake Director of Product Marketing, Data Marketplace, Travis Kaufman said clean room technologies “can allow companies to enable personalized segment insights for advertising and campaign attribution in a privacy-preserving fashion.” He added the difference between clean rooms and general data sharing boils down to clean rooms allowing providers to “define rules about the types of queries that can be run on the data.”
At a high level, the clean room concept seems privacy friendly and compliant. However, the privacy principles have yet to resonate with privacy and information security professionals.
“How does this solve the identity issue or the cookie issue? I couldn’t figure it out,” Ampersand Chief Privacy Officer and General Counsel Noga Rosenthal, CIPP/E, CIPP/US, said. “I looked at all the (clean room providers’) websites. They all said the same thing about being the answer to the loss of the third-party cookie, but nobody explains how.”
The disconnect
The lack of understanding for how clean rooms incorporate privacy starts with an inconsistent approach among providers.
Snowflake, a cloud-based service provider, explained clean room participants are empowered to “define specific rules about which operations can be performed using their data, who can run them, and what the responses can be.” Responsibilities for regulatory compliance for the data sharing also falls on participants.
Habu, a privacy-preserving, decentralized analytics provider, said its clean rooms function with “built-in privacy and governance” while leveraging “privacy-preserving techniques in a platform designed for security and compliance.” The provider also stated it “enforces the highest security and privacy standards” with no clear mention of participants’ obligations.
Habu also lists Snowflake and other major data clean room providers among its partners and collaborators.
Variable approaches aside, data sharing in a clean room does not appear far from any other content management platform. Rosenthal went through a hypothetical clean room scenario from her understanding, where marketers and publishers arrive at 20,000 overlapped customers. In that instance, activating a new ad campaign based off the overlap still involves matching email addresses.
“There’s still this identity backbone that they need to have,” Rosenthal said. “So instead of cookies, they have another identity solution. That’s where I just kind of look and see that it’s sort of what everybody is doing in the (advertising technology) industry already.”
Another potential issue is that data partnerships in these rooms may not be as fruitful as portrayed. Without enough results, room participants may need to seek additional partnerships and potentially take on variable privacy settings with each additional room they enters.
“To use a clean room effectively you need lots of good personally identifiable information. Not many people have that much,” CafeMedia Chief Strategy Officer Paul Bannister said. “When you’re looking at a world where you’re intersecting PII from a marketer and a publisher and neither one is a particularly big data set, the overlap is tiny . . . That’s where the theory of a clean room is good but reality is there just isn’t a lot of scale there.”
Extent of protections, processing
A privacy advantage to a clean room, compared to a run-of-the-mill data management platform, is the privacy-enhancing practices rooms employ.
Amazon Web Services Clean Rooms adopted cryptographic computing for its data. Amazon defines the computing as “the option to pre-encrypt data using a client-side encryption tool . . . that uses a shared secret key with other participants in an AWS Clean Rooms collaboration.”
While Snowflake allows room participants to define the extent of sharing and subsequent privacy measures attached, the provider said room configurations are able to apply “time stamping or the injection of ‘noise'” into given data sets.
Despite the settings, privacy is ultimately based on clean room contracts between partners. That brings pause for some professionals who seek strong anonymization, encryption or pseudonymization.
“It’s almost promising to do stuff that adtech really never promised it would be able to do. Now lawyers might think they really do need to make sure the language is very crisp and clear,” said Alex Cone, former IAB Tech Lab senior advisor and co-founder of adtech privacy learning platform Coir. “As far as how that language turns into being effectuated in a clean room setup, I haven’t seen that. I’ve been told numerous times the hardest part of the clean room setup for a given campaign or a given relationship is getting it through legal.”
An example Cone provided was clean room partners taking settings down to mere pseudonymized email addresses.
“The configurations some of these providers offer customers allow them to sort of dial back the threshold. So think about differential privacy and the amount of noise,” Cone said. “Then you’ll read a lot lately with providers saying ‘Oh, we’ve integrated with a data marketplace or third-party data provider.'”
Even that type of sharing could be acceptable with purpose limitation principles and consent, but there’s no telling whether clean room agreements across the board ensure either.
“I’m not giving away and I’m not selling, but in essence, you are processing that data,” Proofpoint Resident Chief Information Security Officer Dennis Dayman, CIPP/E, CIPP/US, CIPT, FIP, said. “And I’m looking at (the EU General Data Protection Regulation) here. Let’s get into the real definition of it. Did you tell my wife, who might have given you that data because she shopped at Sephora? Did she know that you were going to try to pull more information about her or try to do some more matching?”
Further consideration may also be necessary for the security side of clean rooms as they grow in popularity and usage. Dayman said the potential for oversharing data will grow as clean rooms amass data from multiple participants to the point that it can’t be tracked properly. Then the question becomes when, or if, a consumer needs to be notified of an overshare.
A clear upside clean room providers offer is the assurance data leaks aren’t likely to haunt consumers or companies.
“If the data got out, it should be a bunch of mumbo jumbo. It should be nothing,” CafeMedia’s Bannister said. “Within that environment . . . there’s all kinds of fancy encryption and things of the like to ensure those sorts of things don’t happen. You just have to hope companies are building their systems the right way.”
A standards fix
Clean rooms are in their infancy and these technologies have a long way to go in adapting to existing norms and needs. Technological advancements aside, further regulatory and ethical standards for operation will be necessary.
“These are early days (for clean rooms) and figuring out how to set those standards is kind of complicated,” Bannister said. “Not only do you have marketers and publishers coming at this from different angles with different incentives, but the clean room providers have their own set of incentives. That’s a lot to pull together for even industry-specific standards.”
It could be as easy as building clean rooms into existing frameworks like BBB National Programs’ Digital Advertising Accountability Program or the Network Advertising Initiative’s Code of Conduct. Dayman worked previously with coalitions on best current practices in different aspects of the advertising business.
“For a lot of the (best current practices) I’ve worked on, if we don’t get past about two years within that process of trying to get them out then we’ll abandon them,” Dayman said. “It’s sort of hard to get into wanting to sit down and sort of agree to the terms . . . So the accountability in all this ends up thrown around between those who might be doing the cross-site tracking and those who are going to be holding the data.”