101 on data clean rooms: Are they the alternative to third-party cookies?

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

With Google finally doing away with third-party cookies on Chrome, many marketers are turning their attention to data clean rooms. Data clean rooms combine a brand's first party data with their partner's second party data in other to track metrics without exposing personally identifiable customer data.

Don't miss: Google's Gemini for dummies: Why experts are divided on its potential success

But data clean rooms haven't yet become a mainstream conversation. So we break it down for you as to how data clean rooms can benefit your business.

What is a data clean room?

According to Laura Quigley, senior vice president, APAC at IAS, a data clean room is a secure sandbox where companies can combine their data for joint analysis without sharing raw information.

"Imagine it like a sterile lab where scientists mix their samples for research without revealing their formulas," explained Quigley.

"In this case, companies combine insights from their anonymised data, such as ad campaign performance or customer demographics, to uncover hidden trends and boost targeted advertising, all while keeping everyone's sensitive data locked away," she said, adding:

It's a win-win for privacy and collaboration in the data-driven world.

Adding to her point, Dan Richardson, director of data and insights, AUSEA at Yahoo explained that data clean rooms are usually used with structured data such as data from CRM systems or transactional data.

"All forms of user identifiers such as email addresses, phone numbers, device IDs, cookies or IP addresses are encrypted end-to-end, so consumers run no risk of being re-identified during data matching or activation," he said, adding that all this should then be verified for accuracy and validated to ensure that formatting and syntax are correct.

With a focus on consumer privacy and a trickier data palette due to increasingly complex regulations and technology changes, data clean rooms essentially offer a privacy-centric way to work with data collected from consumers with safety and consent in mind, explained Richardson.

They can be used by publishers wishing to enrich what they know about their users with external partners to create audiences or measure sales lift.

Alternatively, they can also be used by advertisers wanting to conduct addressable campaigns with publishers and DSP partners, explained Richardson.

For example, a brand may seek to understand the overlap between its customer base and a publisher's unique users in order to execute and measure an addressable media campaign.

Why would a company need a data clean room?

Ever since the inception of the Internet and programmatic advertising, the industry has been using browser or device-based identifiers such as browser cookies, finger printing, mobile advertising IDs, and IP addresses to identify users on the Internet and turn anonymous users into well-known ones.

This has helped brands build powerful engaged consumer experiences across channels and owned assets. It also helped to drive mass personalisation at scale across consumer journey with precision, according to Ravikumar Shankar, chief data solutions officer, Annalect, Omnicom’s data and analytics division.

In the pursuit of precision measurement, the industry did not pay much attention to user privacy and data security, which led to public concerns, government regulations such as GDPR and PDPA, and strict consent-based policy from technology vendors, said Shankar.

Saying that, the key challenge in the privacy-first world is the inability to bring together all first-party data assets – owned or rented – to create a single source of truth that marketers can own and continually enrich in a self-governed, secured environment.

"Failing to address this challenge can affect marketing efficacy, resulting in disengaged consumer experiences across consumer journeys, inaccurate measurement and attribution, and more importantly ineffective audience and activation strategies," said Shankar.

Can data clean rooms be hacked? Is the data really safe?

While data clean rooms offer enhanced privacy and security measures as compared to other technology tools and platforms, data security isn’t a given and no technology is bulletproof in this aspect.

However, data clean rooms still offer the best safety at present with respect to the Privacy Enhancing Technology (PETs) it employs - such as differential privacy techniques, noise injection, and k-animity. K-animity is the idea that by combining sets of data with similar attributes, one can conceal the identity of a person, said Richardson.

Marketers need to ensure that all sensitive data sent to the data clean room is encrypted for transmission and stays encrypted throughout the process even till outputs are delivered.

Between partners in a data clean room, each contributing party should also have independent and holistic control of their data - from what data is being connected to the purpose it is used for, the duration of the connection, query limits and complexity, and any other agreed-upon rules.

Another safeguard measure of data clean rooms, even if the data were to be exposed, is that the baseline protocols and PETs in the clean room should prevent users from being re-identified, said Richardson.

Adding to his point, Shankar explained that brands must also understand privacy laws and do their due diligence on potential data clean room partners and audit their built-in privacy enhancing capabilities, data security layers, scale, and usage before subscription.

As per IAB standards, the three important things brands must check are that:

1. All Personally Identifiable Information must be encrypted and never shared directly with any party.
2. No participant should be able to learn anything about the identity of people who are not in their own contributed data set.
3. No one involved should be able to learn anything about anyone in the overlapping audience.

Shankar added that if brands follow this, data hacks are "nearly impossible" and will ultimately protect against privacy attacks such as re-identification and reconstruction. He said:

Most data clean rooms come with a data minimisation feature, which restricts access to data that is only absolutely necessary for performing a specific task or achieving a given outcome.

"However, there is inherent human risk or error while using any technology. If a data owner provides incorrect data access to a user, it then leads to data and information leakage or abuse. Once that data is exposed, linked, and enriched by the permissioned user there is no going back."

Do all marketers and brands need a data clean room?

Essentially, the answer to that lies in what you want to achieve with your brand. According to Richardson, brands and publishers wishing to conduct frequent or ongoing data collaboration with internal or external partners should consider using a data clean room. For smaller companies wishing to conduct less frequent data matching, onboarding, enrichment or insights discovery, there are zero-cost options to explore too.

Agreeing with him, Siddharth Jhanji, domain leader APAC at Ekimetrics said that data clean rooms are not universally required by all companies. However, certain industries and types of companies, such as those in healthcare, finance, research, media, and marketing, are more likely to benefit from implementing data clean rooms.

"These industries handle sensitive data and face privacy concerns and regulatory requirements," he said, adding:

Companies that work with patient records, and financial information, or engage in targeted advertising and personalised marketing can derive advantages from data clean rooms.

share on