There is nothing clean about data clean rooms.

Judy Shapiro

Editor-in-Chief at The Trust Web Times

The au courant trend in adtech data is data clean rooms. This is a very clinical and sanitary way to describe the ugly business of digital targeting, but without the taint of cookie tracking.

TechTarget explains data clean rooms as follows:

“The concept of a data clean room is intended to be a data-focused equivalent to a physical clean room, with the goal of having a pristine environment where technology cannot be contaminated by outside influence. A data clean room provides aggregated and anonymized user information to protect user privacy, while providing advertisers with non-personally identifiable information (non-PII) to target a specific demographic and for audience measurement.”

Let’s start by admitting to each other this is confusing.

Data clean room advocates would have us believe we are gathering data bits about a person to identify them without a personal identifier to identify who they are. Uh-huh. Sure.

The issue (linguistic gymnastics aside) is that this requires people to jump through a major trust hoop to understand how a profile is targetable anywhere online without crossing the intent of protecting digital privacy.

More troubling, a data clean room flies in the face of basic tenets of digital trust. I’m borrowing from both McKinsey and ISACA here to define digital trust:

“Digital trust reflects the ability of an organization to be responsible and transparent about the data it collects, accesses and uses. Digital trust demands that the organization will reasonably protect the data it collects and securely delete the data when it is no longer needed. Further, digital trust with respect to privacy requires an organization to be transparent about when and how it uses AI to analyze information and/or make decisions that impact people. Finally, digital trust is dependent on an organization’s ability to clearly communicate these practices in a manner easily understood by its constituents.”

When you think about data clean rooms in the context of this clearly articulated definition, it’s easy to realize that data clean rooms work against the very concept of digital trust. Yet, too many adtech firms are working hard to convince – er, everyone – that data clean rooms are pro-digital privacy.

Here is an example of language from a data company meant to assuage people’s concerns about data privacy in clean rooms: “Data clean rooms have considerable potential to democratize data-driven decision making, and consequently, underscore efficient and effective marketing strategies.”

Quite the highfalutin aspiration for clean rooms. Only trouble is that’s a load of B.S. We can only appreciate the depth of the bait ‘n switch tactic when we deeply understand how data clean rooms track people as effectively as cookies ever did.

The Seductive Appeal of Data Clean Rooms

The stated benefit of clean rooms is that only anonymized information is shared, thereby prioritizing customer privacy while creating an enriched audience that can be reached in digital media. Technically, data clean rooms are “secure, cloud-based platforms facilitating the consolidation, analysis, and sharing of data between parties while adhering to stringent privacy norms (AppsFlyer).”

Data clean rooms are pitched as having huge advantages:

1. Enriched targeting data: Clean rooms merge a brand’s first-party data with aggregated, privacy-compliant, and enriched data from other data providers to create a data set with rich audience insights that, presumably, delivers better outcomes.

2. Control over customer data: Data clean rooms, according to Databricks, “offer brands the discretion to control and operationalize customer data effectively. This autonomy over owned data empowers brands to optimize campaigns, enhance audience understanding, and subsequently, get better their Return on Investment.” Hmm – quite the promise.

3. Privacy Compliance: Data clean rooms come embedded with privacy features (huh??), ensuring the anonymity of individual user identities, and facilitating large-scale data analysis without privacy compromises (Forbes, 2021).

4. Attribution across channels: By equipping marketers with invaluable insights into attribution, the argument goes, data clean rooms facilitate a deep understanding of media performance and conversions by channels.

5. Deeper understanding of customers: By scrupulously analyzing event-level data, data clean rooms provide marketers significant insights into customer behaviors, without jeopardizing privacy. Worth noting – any good analytics platform can tell us this – no data clean room needed.

The Gotcha’s of Data Clean Rooms

Everything above sounds totally awesome, especially since it is all wrapped up in a privacy gift box with a pretty, albeit sanitary, bow on top. Although data clean rooms talk a good privacy talk, they create many, many trust issues.

1. Clean rooms are not necessarily GDPR compliant: Data clean rooms by themselves are not GDPR compliant because they protect only PII (Personally Identifying Information or immediately identifying data) and enable the sharing of non-PII indirect identifiers that are included within the definition of “Personal Data” protected under the GDPR.

2. Technical Expertise: Implementing and managing data clean rooms require a significant degree of technical expertise available to only rarified advertisers even if outside providers are used. A badly managed data set opens up the data to be reverse engineered, or worse, to reveal sensitive data. This is not hyperbole – this has already happened in data breaches and messy handoffs in the output process.

3. Data complexity creates privacy gaps: Data clean rooms require synchronistic management of data providers, data control, and privacy compliance across different data sets for useful audience targeting to be available. Each element is complex, increasing the potential for messy transitions and data leaks. Unfortunately, too often the complexity risks are understated because brands usually lack the technical expertise to oversee data clean rooms (internal or outsourced).

4. Consent: Clean rooms do not address end-user consent requirements. To comply with the consent regulations, users must have been fully informed of the intended purpose, and have been free to say “no” to the request. The loosey-goosey nature of today’s data provenance provisions makes these consent requirements extremely difficult to comply with in any use case. Clean rooms do not help this in any way.

5. Legitimate Interests: Related to the point above, organizations often want to use data for “secondary use”, and to do so they must have a legitimate interest in that processing. They must also establish that appropriate technical and organizational safeguards have been established. That is a high hill for companies to climb and most don’t even attempt to scale the privacy mountain.

In short, data clean rooms are the latest black box that defies transparency and data accountability.

Data clean rooms are the latest “trust me” promise to alleviate brands’ concern about online tracking, and they obscure the need to ask the real question: why do we keep creating “new” ways to track people when people do not want to be tracked? Pew Research Center reports 79% of Americans are concerned about data collection by companies, while almost 81% feel they have little to no control over the data collected about them by these organizations. Moreover, fully 81% believe the potential risks of company data collection outweigh the benefits.

It seems too many are convinced (or have been brainwashed) to think user tracking is inevitable in digital marketing. It’s not, as Apple’s Tim Cook so eloquently explains: “Advertising does not need vast troves of personal data to succeed. We’re here today because the path of least resistance is rarely the path of wisdom. Too many are still asking the question ‘How much can we get away with?’ – when they need to be asking ‘What are the consequences?’” Data clean rooms provide technical cover to allow brands to trample with impunity the concept of digital privacy with ever more complex ways to track people, all the while pretending we aren’t.

Take heart – there are alternatives. The newest way to target audiences is by not targeting them at all. Rather, tech allows us to track the topics a brand needs to invest in, thus allowing high-intent audiences to find the content that really matters. (An example of this approach is TopicIntelligence.ai).

No people tracking needed at all. Really.
