After months of hard work and cross-industry consultations, the Interactive Advertising Bureau (IAB) Tech Lab has just released the first draft of proposed standards for data clean rooms, along with a guidance document to spell out what a data clean room actually is and what it’s meant to do. The timing of those publications couldn't be any better.
Two big storms that have been brewing for a while are about to converge on the marketing industry in 2023: the long-promised deprecation of third-party cookies, and privacy regulations starting to show their teeth around the world. On one hand, what has been dubbed the ‘cookie apocalypse’ is sending marketers into a frenzy of first-party data collection and encouraging companies to invest in more direct data collaboration with their advertising partners to salvage addressability. Privacy regulations, on the other hand, are causing many of them to think twice about sharing data with outside partners. The cost of crossing the line is just too steep—in financial terms, for sure, but even more importantly in consumer trust and brand reputation.
While one storm is stoking the data collaboration fire, the other is dumping buckets of cold water on it.
Data clean rooms are key to solving that conundrum, but most are difficult to set up and operate. In its State of Data 2023 report, the IAB points out that it’s not unusual for companies to spend $500K a year on their data clean room, have 10+ staff dedicated to it, and take up to two years to get it up and running.
It’s not too surprising then to see that while many large enterprises are embracing data clean rooms, adoption remains relatively low for small and medium-sized companies. In the absence of established standards, it’s been difficult for marketing organizations to understand what constitutes a data clean room or not, pick a vendor that’s a good fit for their use cases, and trust that the features they’re buying don’t create more issues than they resolve. The last thing we need in the industry is the proliferation of data collaboration initiatives based on sub-par data clean room deployments that end up exposing more customer data to damaging leaks or malicious attacks.
That’s why I’m thrilled that the IAB drafted those new standards and opened them up for public comment. And I’m even more pleased that InfoSum got a chance to take an active part in the process (alongside many other key contributors like Optable, Decentriq, Habu, Snowflake, Google or TransUnion), and will continue to be deeply involved as a member of the IAB Tech Lab Rearc Addressability Working Group. These new standards are leveling the playing field for the data clean room landscape, and I’m confident that they’ll boost data clean room adoption for companies of all sizes and unlock new growth opportunities for marketers across all sectors of the economy.
The initial drafts can be found on the IAB Tech Lab website, but let me highlight a couple of key tenets here to give you a taste of their far-reaching ramifications.
Aiming high with OPJA
The first technical spec that’s coming out of this effort is called OPJA (Open Private Join and Activation), and it relates to a very common use case in advertising: the act of joining an advertiser’s and a publisher’s first-party data to size up the overlap between the two datasets and allow the advertiser to target its own customers on the publisher’s platform.
For this operation to satisfy the new OPJA standard, it needs to be fully encrypted, and done in a way that prevents either party from learning the identity of people who aren’t in their own contributed dataset, as well as the identity of the people in their own dataset who actually end up in the joined dataset. Using the OPJA-defined activation protocol, the resulting audience can then be activated using a DSP, for instance, without divulging the identity of any of the end users.
It’s a tall order, and it involves the use of highly-specialized privacy-enhancing techniques (PET), like private set intersection (PSI) or trusted execution environment (TEE), to succeed. But it’s exactly the type of robust requirement that’s needed to enable interoperability between clean rooms—a crucial step to democratize data privacy and security—and separate true data clean rooms from wannabe data clean rooms.
A data clean room is more than the sum of its PETs
In a great post on PETs last year, my colleague Alistair Bastian cautioned that “it’s a common misconception that all data clean rooms come with best-in-class PET features right out of the box. They don’t. If a vendor tells you that its platform is a clean room simply because it has encryption built-in, run.”
We’ve made progress since then. In my conversations with new and existing clients, I’ve noticed that marketers are more knowledgeable about techniques like double-blinding, differential privacy or k-anonymity than they were even a year ago. But there was a danger that the opposite misconception was beginning to take hold: that a data clean room is nothing more than a PET library. That’s why it was so important for the industry to come together and agree upon a standard definition for what a data clean room is beyond PETs, who its main users are, what minimum set of protocols it needs to include and what its most common use cases are.
The data clean room guidance and recommended practices document makes it crystal clear that data clean rooms need to include strong mechanisms to control end user permissions, as well as the type, volume, and scope of queries allowed by the parties: “A data clean room implements the principle of least privilege, which is, that a user only has access to specific data and resources required to complete a task and no more.” For marketers looking to invest in a data clean room, knowing that it allows them to retain “full control over how their data is used or available to other participants” is of vital importance.
From hype to reality thanks to new standards
I suspect you’re familiar with Gartner’s Hype Cycle. If you saw its most recent iteration for digital advertising, you might have noticed that data clean rooms were, according to the research company, midway through their climb of the dreaded ‘peak of inflated expectations,’ and 5-10 years away from full maturity. That’s both exhilarating (data clean rooms are on the map) and deflating (there’s too much hype about them, and it’s going to get worse before it gets better).
I’m convinced that standardization of both common definitions, as well as the underlying technology used within a data clean room, will help minimize that whiplash and accelerate adoption. For data clean room providers like InfoSum, it’s a roadmap for continuous innovation and a catalyst for both healthy competition and interoperability. For advertisers, publishers, agencies and their partners, it’s a strong signal that data clean rooms are coming of age, and that they’re ready to respond to their clients’ most pressing use cases with best practices.
Forward-looking brands are already transitioning from hype to reality. For example, French automaker Groupe Renault and its agencies OMD and Annalect recently used an InfoSum data clean room to run a first-party data campaign with German media group Alex Springer All Media (ASAM) that involved the type of data matching discussed in the OPJA spec, as well as lookalike modeling to find new prospects in the ASAM dataset. The InfoSum data clean room was fast and easy to set up, and the results spoke for themselves: the campaign achieved better conversion (+18%) at a lower CPA (-15%) than a cookie-based targeting campaign that was set up to run concurrently.
Please get in touch with us and we’ll show you how a data clean room that abides by, and even exceeds, the new IAB standards can propel your data collaboration initiatives to new heights.