As brands and advertisers contend with increasing privacy concerns and restrictions that impact their targeting and measurement capabilities, many are turning to data clean rooms (DCRs) for solutions and answers.
Data clean rooms are online platforms that allow multiple companies—or divisions within a single company—to bring data together, without PII (personally identifiable information), so that it can be processed, stored and analyzed in a privacy-compliant way. DCRs can be used for measurement and optimization, monetizing proprietary data, and garnering insights from advertising, giving brands a privacy-safe method of gathering transaction data from various sources.
Data clean rooms are growing in popularity as the use of third-party cookies and other identifiers declines, providing advertisers with a new, future-oriented method of targeting and attribution across multiple platforms/parties, without the data points that can be tied back to a specific user.
The aggregated, anonymized data is organized into different groups or cohorts, allowing effective, strategically informed targeting that includes no individual customer information. Advertisers are equipped with only the necessary information and levers needed to reach the best demos for their campaign goals without ever having to know who specifically their ads will reach, thereby protecting the end user. They can then measure the effectiveness of those campaigns, using those insights to inform their cross-channel budget allocation.
But even if you think a data clean room is the right fit for your brand, how do you know which one to choose? What makes one data clean room solution a better fit than another?
We sat down with Edik Mitelman, General Manager, Privacy Cloud, at AppsFlyer— one of today’s leading data clean room providers—to dive into what makes their offering a strong option.
Q. ‘Data Clean Rooms’ has become a bit of a buzz phrase this past year, but many folks still have uncertainty about exactly what they are and how they work. How do you describe your offering to prospective clients in a readily digestible way?
The AppsFlyer Data Clean Room (DCR) allows multiple parties to collaborate on their respective first party datasets and perform computation on top of them, resulting in insights and actionable outcomes that don’t expose their respective sensitive data to each other in the process.
Q. In data clean rooms’ current state, which industries or company sizes are best positioned to benefit in the next 12 months, and who should be considering them next?
Every company that is engaged in data collaboration of some sort should be considering leveraging a DCR right now. Whether for audience activation and segmentation purposes, identity resolution or marketing measurement and optimization – all of these activities require collaborating with ad networks and other tech partners and maximize utility and user experience while fully preserving end-user privacy.
Brands shouldn’t wait for the regulators and platforms to introduce more strict requirements and then react. The sooner a business adopts privacy enhancing data collaboration technology, the better they’ll be set to grow and win in the new reality.
Q. What do you see as the greatest challenges in the space?
There are two major challenges:
First is the evolution and the availability of various cryptography-based PETs. The industry is united, probably for the first time, in our attempt to enable these technologies to support the marketing industry’s scale, size and needs. But we are not there yet and there are a lot of technological breakthroughs required to fully leverage technologies and protocols such as SMPC, PSI and FHE to the customer’s needs.
The second major challenge is the lack of standardization across the various clean rooms. AppsFlyer, alongside other leading clean room providers, are collaborating in working groups in bodies such as the IAB and W3C to create standards and policies that will enable interoperability and clarity among the various vendors and technologies. Once some level of standardization is achieved, it will be much easier to assemble the fragmented DCR market of today and create a streamlined flow of interoperable cleanrooms that work with each other to maximize value and preserve privacy.
Q. How does your data clean room fit into your larger goals or plans for the AppsFlyer Privacy Cloud?
The AppsFlyer Privacy Cloud is a trusted open platform for ecosystem collaboration and innovation with a clear mission: enhancing end-users’ experience while preserving their privacy.
DCR is one (albeit key and central) piece of this platform that also includes different PETs, data delivery components, advanced BI capabilities and tools such as Aggregated Conversion Modeling, Predictive Analytics, Incrementality and more that enable the ecosystem to create a better, safer digital experience to the end users and growing their business.
Q. Can you tell us more about Private Set Intersection (PSI), and your recent partnership with Intel?
Private Set Intersection (PSI) computation is a specific scenario in secure multi-party computing (MPC) applications; this is one of the leading PETs used for secure and private data collaboration.
The PSI protocol allows two parties to jointly calculate the intersection of their respective data sets. At the end of the operation, one or both parties should get the correct intersection and will not have access to any of the other party’s data outside the intersection.
One popular way to implement PSI is using Homomorphic Encryption (HE), a powerful cryptographic primitive that allows computations to be performed on encrypted data in such a way that only the secret key holder has access to the decryption of the result of these computations.
Here’s an example of how a PSI can work:
Suppose Alice has a list of friends “A”, and Bob has a list of friends, “B”. Alice is interested in finding out who their mutual friends are, and Bob feels comfortable sharing this information with her. Of course, Alice could easily figure this out if Bob gave her his list. Alternately, Alice could send her list to Bob and Bob could provide the information she is interested in. However, both Alice and Bob value their privacy and neither one of them wants to reveal their full respective lists of friends to the other.
PSI allows Alice to find out which friends she has in common with Bob—and nothing else about the rest of Bob’s friends—while preventing Bob from learning any information about Alice’s list of friends.
Our collaboration with Intel and with other leading organizations in the industry is focused in advancing and developing PSI and HE to be applicable in the scale and performance required by our mutual customers and needed to perform real-time or very fast computations on huge amounts of data.
Q. What are the advantages to your data clean room being built by design for a mobile foundation?
Our DCR wasn’t designed for mobile measurement alone; it was designed for cross-channel and cross-platform measurement.
Over the last decade AppsFlyer built, developed and perfected market-leading measurement and optimization capabilities that trustfully serves 60% of the market. Leveraging our expertise in measurement technology, the partnerships we have with 10K+ partners and the trust we’ve earned from thousands of brands and advertisers across the world gives us a unique position; we are able to build technology that is objective, unbiased and represents our customers’ needs in this ecosystem. This is what gives our DCR a very strong advantage.
Unlike general-purpose clean rooms, data warehouse DCRs and walled garden DCRs, we serve the needs of our customers; we are cloud platform-agnostic and our only incentive is to maximize utility for our customers while preserving end-user privacy. This could only be done well with the foundation of what AppsFlyer has achieved thus far.
Q. What are some of the key factors to consider about your data clean room solution—including interoperability—for someone in the consideration phase weighing different options? Do DCRs help with marketing within the walled gardens (triopoly)?
For now, the concept of “zero trust” and supporting technologies and cryptography are not yet ready for adoption.
Therefore, when choosing a clean room provider, one must pick wisely. Is it a vendor I can trust? Does the vendor have other business interests that may involve my data? What are the incentives of the vendor? What are the credentials? Is the vendor owned and/or funded by a competitor/network/walled garden company?
The AppsFlyer DCR definitely can help in measuring and optimizing walled gardens. This is exactly what it does today, by alleviating the blind spots and the issues created by the reduction in signals and identifiers. Each walled garden has their own version of a “clean room”, so to speak, but then advertisers have to rely on publishers to “grade their own homework”. That takes us right back to square one and the reason MMPs were created a decade ago.
Our DCR is interoperable with other clean rooms and PETs deployed by various partners. We are working continuously to add additional integrations in order to enable a complete cross-channel and cross-platform measurement and optimization solution to our customers.
Q. With signals going away, and data ownership growing in importance, what makes data clean rooms a better option than data onboarding, identity solutions, DMPs, CDPs, audience tools, CRMs, or data warehouses?
Data clean rooms are not a better option than any of the mentioned components simply because they are not competing and are not placed in the same level of the marketing stack.
A data clean room can be integrated with a selected IDR solution, multiple CRMs, CDPs and any other data source, where the underlying data can be located in any of the available DWHs.
When a customer needs to collaborate on all these different data sets that include first and third party data, all these different tools and applications operate on top of the clean room infrastructure and leverage various PETs (such as differential privacy, k-anonymity and others) to preserve privacy.
Q. What is your view on industry standards in this space?
We are working on it as an industry. For the first time, most of the significant players in web browsers, platforms, operating systems, ad networks and technology companies have gotten together to define standards and policies. IAB Tech Lab, PAT-CG as part of W3C and WFA Cross-Media Measurement are examples of such cross-industry collaboration on standardization on clean rooms and PETs. The jury is still out, but many players in the ecosystem are trying their best because the need for standards and interoperability is clear and obvious to all.
Q. Do you think data clean rooms are ‘the final answer’ in the cookieless future, and their capabilities will continue to evolve, or is there an entirely new solution on the horizon that could replace them?
DCRs are definitely not a silver bullet or a panacea. As I mentioned, it is a piece of the puzzle that is required to maximize user experience and utility while not trading off privacy and safety. There is still a long way to go in this space, there will be a lot of innovation, evolution, technological breakthroughs, collaboration with the regulators and major platforms, standards and policies. There are no “new solutions” on the horizon because the path to a “final answer” is very long and, frankly, somewhat utopian.
Each use case, each problem and each need will require a different set of tools from this toolbox. Not every case needs confidential computing, not every data collaboration requires using SMPC. There are and will be many different PETs and clean room applications and each company will pick and choose what best suits their and their end-users’ needs.
Q: What regulatory considerations (in the US and abroad) must marketers consider when looking at using data clean rooms?
The usual suspects: GDPR, CCPA, COPPA, PiPL, LGPD and any other data protection or consumer privacy protection regulation on the country, region or state level.
Q. Before you consider a Data Clean Room, what other solutions should you have in place?
It’s not so much about the solutions as it is about changing the mindset and the paradigm on how you use data in your organization to generate insights and optimize activity.
The idea is to stop using user-level data and leverage aggregated, cohort-based datasets. Adjust the ETLs and the BI processes accordingly, and rethink the way you treat your first-party data and what you expect to get from partners and third-party data providers. Once you do that on a conceptual level, implementing a DCR will feel very natural and smooth.
Q. With discussions around Universal ID Solutions like TTD Unified ID, etc, growing in popularity, how does your DCR complement or remove the need for said solutions?
Universal ID solutions and other types of identity management and resolution are great ways of enabling better matching, activation and segmentation of audiences. They will work on top of the clean room infrastructure.