ADCG Explainer: Can a Clean Room Help Keep Data Private?
In recent years, organizations have utilized “clean rooms” as part of their data governance practices. According to this Wall Street Journal article, the term “clean room” is derived from the manufacturing industry where a clean room is a “controlled environment that is free of contamination.” In the data governance industry, a clean room is a software process that enables organizations to exchange secure data with outside contributors or users without allowing those parties to view the actual consumer information.
In establishing a clean room, clean room software will review personal data sets derived from first-, second- and third-party sources, pool all similar data, and derive analytics from this similar data. Those analytics are then shared with third parties for review or further use, all while keeping actual data private.
Matt Karasick, chief product officer at clean-room software provider Habu Inc., told the WSJ that clean rooms utilize “advanced statistical techniques that can make it impossible to re-identify any individual from the data.” Karasick further stated these techniques protect the data “at source, at transit and in use[.]”
Use Cases
There are several uses for clean rooms, including expanding an organization’s usable data sets beyond those they would normally have access to if they relied solely on their own data. According to DigiDay, this allows brands to “draw clearer insights and improve the customer journey.” The use of clean rooms also permits organizations to utilize these external data sources without entering into contractual agreements with potential vendors to expand their data sources, and allows users to fill in any gaps in their sourced data by adding diversity to their consumer audiences.
The use of clean rooms is a recent alternative to the use of cookies—data blocks that are created by website servers during a consumer’s online usage to maintain records of said usage. According to a statement to DigiDay by Blaine Britten, senior vice president of data strategy at Stirista, cookies have “been the de facto’ best’ solution we had for personalized marketing in the digital space.” However, Britten continues, clean rooms are on the rise due to their ability to “create more personalized experiences and offer a better way to manage that consent the consumer gives not only to the brand but the partners and vendors.”
This shift could not be more timely as, according to statements by the management consulting firm Winterberry Group to the WSJ, U.S. marketers spent around $14 billion on third-party data—a number which will rise to $15.5 billion in 2023. This increase in marketing efforts, paired with recent increase in United States privacy legislation will create an increased need for data governance that ensures privacy and protection of consumer information. According to Britten, clean rooms can ensure this practice is carried out by your organization.
Compliance Considerations
If your organization is interested in implementing clean room technology, consider certain compliance considerations.
First, ensure that your organization and your clean data room provider comply with all privacy regulations applicable to the consumers you are deriving data from, as certain regulations will follow the consumer’s information and will become applicable to you, even if you are not directly sharing their data.
Second, be diligent in your selection of the proper provider of clean room technologies. There are several brands on the market that are currently offering clean room technologies, such as InfoSum or Habu. The capabilities of these organizations vary and, according to the Wall Street Journal, “[t]he term “clean room” is being applied to a range of companies with very different practices, creating some confusion in the industry.” As such, your organization should conduct proper due diligence of potential providers.
Despite this, Anthony Katsur, chief executive of Interactive Advertising Bureau Tech Lab, a standards-setting body in the ad industry, expressed to the WSJ that the organization has plans to release in December 2022 draft standards for what can be labeled as a clean room, and what practices providers must follow to carry the label.
* * * * * * *
To read our news alerts discussing: the five new US Privacy laws taking effect in 2023, TikTok taking steps to keep data private, Australia signs Privacy Bill into law, and the federated learning study findings released by Intel Labs and the Perelman School of Medicine, click here.
This week’s breach report covers the following companies: Community Health Network, Hive, Receivables Performance Management, and Bank of Hope. Click here to find out more.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
New release tomorrow: Episode 83 will feature Matthew Esworthy, partner at Bowie-Jensen LLP, discussing geofence warrants and their use by law enforcement in investigating the January 6 insurrection.
Our most recently released episodes: