Data clean rooms are getting a lot of attention as brands and publishers look toward a privacy-first future. Since BlueConic announced the release of our own clean room solution in July 2021, we’ve responded to dozens of questions from customers, prospects, partners, and analysts about what a data clean room is and is not. We also recently held a webinar discussing how clean rooms can bridge the divide between the third-party cookie past and the cookieless future. In fact, we think data clean rooms need to be a part of every organization’s data deprecation playbook.
After poring over questions, we’ve distilled them down to the top five questions on data clean rooms. But before we dive in - we need to address question zero:
What is a data clean room?
Let’s start with the problem they solve.
With the disappearance of third-party cookies, changing consumer preferences, and approximately two-thirds of countries putting consumer privacy legislation in place, it’s becoming harder and harder to understand the impact of your advertising spend.
At the same time, transformation-focused organizations are ahead of the curve building first-party data assets, yet, they still lose visibility when customers interact and transact outside of their owned channels and environments.
What if you could create a privacy-safe environment to facilitate second-party data sharing and close this gap? Each party could get the insights they need to improve the outcomes of their marketing efforts without ever exposing personally identifiable information (PII).
With data clean rooms, you can.
According to Forrester, data clean rooms are “a secure platform where brands can access advertising data and use it for targeting, measurement, and analysis. The advertising performance data provided in a clean room is aggregated and has controls to ensure privacy.”
Without further ado, here are our answers to the top 5 questions on data clean rooms.
How does a data clean room actually work?
Here’s a breakdown of how a data clean room solution works from a technical perspective:
Each party brings their first-party data to a secure clean room environment. For instance, a CPG company with their advertising audience data and a retailer(s) with their transactional audience data.
As the data from both parties is ingested into the clean room, it is fully pseudonymized, meaning all personally identifiable information (PII) is replaced with hashed identifiers.
Instead of randomly being replaced, as is the case with anonymization, pseudonymization uses advanced encryption techniques to create a one-way hash of the identifier. As an example, firstname.lastname@example.org becomes: 167fbd31b25b58a52b.
Because each set is being encrypted using the same method, email@example.com in one dataset will result in the same string as firstname.lastname@example.org in the other data set, which allows those two records to be matched in the clean room while simultaneously preventing either party from reverse-engineering the identifier – so Taylor could never be identified.
Once the match occurs, a marketer from the CPG company could run a report to see that 80 out of 100 people who saw an ad also purchased the related product through the retailer, but not which 80.
What’s more, users are never given access to the record-level data, only aggregated data. Technical safeguards are put into place to prevent re-identification attacks like manipulating segments to isolate individuals.
You can visualize it like this:
Brands and publishers can get the insights they need to understand advertising influence on particular audiences and build effective lookalike audiences for future targeting, without ever exposing individual customer data.
In simple terms, can you explain how a clean room is “privacy compliant?”
If we start with Forrester’s definition of clean room above, the core of a data clean room is a data storage solution that creates a controlled environment with a high threshold for what data can go in and out so that analytics can be run on the data in a secure and privacy-compliant manner.
There are two components to ‘privacy’ that a clean room provides: one is at the framework level and the other is at the capability level.
The framework level is any policy, regulation, or law that dictates what data your organization can collect and under what circumstances. Common frameworks are the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA).
As consumers increasingly want to control the data that is collected about them and for what purpose, clean rooms can be a compliant, protected way to ensure that the data is only used for expressed purposes and never leaves the control of the first party entity (as opposed to loading it up into a third-party system or handing the data over to an agency). Consent can also be accounted for before any data is sent to a clean room.
At the capability level, a clean room should have out-of-the-box enforcement mechanisms to further protect or remove personally identifiable information (PII). A data clean room brings together first-party data and second-party data in a way that ensures profiles are associated only with one-way hashes of identifiers (pseudonymization) and that any identity resolution based on those hashes is used to link profiles.
This solution enables pseudonymized data sharing without requiring ongoing IT involvement to maintain and add partners over time. In a data clean room, only aggregated data (’how many people converted?’) can be queried, without exposing individual data (‘who converted?’).
How is this different from what Facebook, Amazon, and Google are creating?
Over the past few years, Facebook, Amazon, and Google have come out with data clean room solutions, the latest being “Amazon Marketing Cloud” (AMC) which recently emerged from beta.
While Facebook’s clean room offering has been more secretive, Google is going full steam ahead with their “Ads Data Hub” product.
Brands can bring their first-party data into a Facebook, Amazon, or Google-controlled environment and match it against each of these datasets for more accurate measurement and attribution.
The problem? They’re called “walled gardens” for a reason.
They control the data and, in Gartner's words, “Exercise their market leverage and privacy concerns to define — and limit — the terms of advertiser data access.”
As Digiday puts it, “It’s not within any of the walled gardens’ best interests to cede too much data to advertisers given how much value they derive from controlling their own data, particularly targeting data.”
With such a large percentage of digital advertising dollars flowing through the Facebook, Amazon, and Google ecosystems, any sort of attribution offering from these walled gardens is going to attract advertisers’ interest because they want to understand the immediate effect of specific ads served by these platforms on some sort of conversion event. But that is an increasingly dated and irrelevant way of thinking about attribution.
These solutions won’t necessarily help an advertiser understand the impact on an audience when the conversion event is occurring with a second party to the advertiser, or when the advertising exposure occurs outside of the walled garden. That leaves a lot of important questions left unanswered.
BlueConic’s data clean room solution is completely agnostic and allows marketing, e-commerce, and other growth-focused teams to form direct partnerships with those who also have a vested interest in sharing their own first-party data to more deeply understand a mutual audience’s behaviors.
Who should own procurement and operation of the data clean room?
From a procurement perspective, Gartner recommends a cross-functional approach that includes marketing, operations, IT, security, and legal. As we’ve said before, digital transformation takes buy-in from senior leadership and across functions.
Whenever it comes to taking care of your customers' data, you want to make sure you have all teams moving in the same direction to achieve your growth objectives without sacrificing the security of your customer data. Adding in the complexity of using another company's dataset, having IT, security, and legal involved is a must to make sure all regulations are addressed and protections are implemented.
From an operational perspective, once implementation is complete, the data clean room could be owned by the business users who are already activating first-party customer data in their growth-focused programs. Or it could be owned by a centralized team that is empowering the business teams that are executing programs related to the customer experience.
For instance, BlueConic’s clean room is designed to be an extension of what our customers are already doing with the first-party data they unify and activate in our customer data platform (CDP)So the data clean room administrators will be in the same team that owns the CDP. That could be a marketing team, or it could be an analytics team that focuses on delivering audience insights, for example.
This structure provides the operational efficiency to quickly go from insight to action, while maintaining privacy and security at every step.
What should I look for in a data clean room solution?
First and foremost, a clean room solution should insulate you from sharing PII data with second parties. Period.
In addition, a clean room should:
Enable pseudonymized data sharing with second parties without requiring additional IT involvement to maintain and add trusted partners over time.
Foster a neutral and open ecosystem with any trusted partners of your choosing, as opposed to a limited network of partners dictated by the solution itself.
Give the user full control over matching rules, so you can validate the basis of the match in the UI.
Connect to the same unified first-party dataset used for customer segmentation, marketing orchestration, and analytics.
Provide out-of-the-box but transparent models to run measurement and attribution against your data in a business-user-friendly UI.
Data Clean Room in Practice
If you want a deep dive into how data clean rooms are being applied, check out our previous blog post on why we think clean rooms are the next era of CPG. We share some real-world use cases, provide a short glossary, and explain where clean rooms fit in the context of CPG companies.
BlueConic is committed to a privacy-by-design philosophy and adding enormous value to our customers as they navigate these broader changes related to third-party data.
We’re ready for the clean room era of marketing. Are you?
Are you ready to join the future of marketing? Request a demo of our pure-play customer data platform today.