How Privacy-Enhancing Technologies and Clean Rooms Improve Attribution While Protecting Privacy
August 10, 2022 | 6 min read
By: Andrei Lapets, VP, Engineering & Applied Cryptography at Magnite
Cookie deprecation and more stringent privacy regulations are driving the industry to find new ways to ensure relevant ads reach target audiences online. Yet the dual goals of attribution and privacy can feel like a Catch-22 for advertisers and publishers.
How can brands achieve audience attribution while keeping their data safe?
Industry professionals are encountering much discussion about clean rooms and privacy-enhancing technologies (PETs) as potential paths forward in this arena. Here’s a closer look at both solutions and how they can help solve for identity in a fast-changing ecosystem.
What’s a data clean room?
Clean rooms are data warehouses that allow tech platforms, advertisers, and publishers to match their aggregated and customer-level data with one another's in a safe, controlled way.
Brands can move their (often) first-party data into such a clean room to see how it matches up against the aggregated data from these platforms. Importantly, none of the aggregated data leaves the clean room.
In this way, partner organizations can jointly analyze data while keeping it all in one place. Understanding the overlap (or lack thereof) helps identify where advertisers are missing desired audiences or potential revenue opportunities.
While data clean rooms offer a viable means of matching audiences, they are by no means a silver bullet. One concern with data clean rooms today is the scale and granularity of the data that partners are comfortable delivering to the clean room in the first place. How large of an audience segment can be matched for addressability purposes? A buyer might also encounter additional complexities if they need to match data within several clean rooms (each serving a subset of publishers). Another consideration is cost: buying access to these clean rooms comes at a price, particularly for smaller brands. Finally, the audience data set ultimately needs to be applied to the publishers’ inventory, and this is still often accomplished using cookies or device IDs via a data onboarding provider.
At a higher level, it’s not entirely in walled gardens’ best interests for marketers to match data into the walled gardens. Clean room “hosts” tend to control the terms, so data sharing often works in their favor as opposed to the brands’. As a result, advertisers can in turn be hesitant to provide detailed transactional data or to create shared folders for fear that privacy may be compromised. These are aspects that must be balanced when exploring clean room solutions.
Fortunately, as an independent omnichannel platform, Magnite can integrate with all data clean rooms and provide guidance on how to manage them best.
What are PETs, and how are they different from clean rooms?
Privacy-enhancing technologies (PETs) include a broad range of software and hardware solutions designed to make using customer data possible while minimizing risks to data security and privacy. PETs can be embedded into existing platforms such as exchanges that offer activation and measurement capabilities. Unlike clean rooms, PETs are built-in features of the service offering itself, reducing or eliminating the service provider’s visibility into the raw data. Because fewer parties are involved in a data transaction, information transfer is also minimized.
Some examples of PETs include multi-party computation (MPC), such as Nth Party, which Magnite recently acquired to build leading identity and audience solutions for sellers and buyers, and homomorphic encryption (HE). These are software-based techniques that make it possible to generate identifiers, match data, and surface audiences based on that data, without exposing the raw personal data to individuals or other third parties. They can also measure outcomes using encrypted data, without decrypting it. Importantly, they can be implemented at scale.
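As an added illustration (not code from Magnite or Nth Party), the sketch below uses additive secret sharing, a basic MPC building block, to total conversions per campaign across several data owners without any compute node seeing one owner's counts. The function names, campaign names and counts are constructed for the example, and it assumes the compute nodes follow the protocol and do not all collude.

```python
import secrets

MODULUS = 2**61 - 1  # shares are integers mod this; must exceed any true total

def split(value, n_nodes):
    """Split value into n_nodes random shares that sum to value mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(n_nodes - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares

def share_report(report, campaigns, n_nodes):
    """Data owner side: one {campaign: share} dict per compute node.
    Missing campaigns are shared as 0 so nodes cannot tell who ran what."""
    per_node = [{} for _ in range(n_nodes)]
    for campaign in campaigns:
        for node, share in zip(per_node, split(report.get(campaign, 0), n_nodes)):
            node[campaign] = share
    return per_node

def add_shares(dicts):
    """Add share dicts key by key, mod MODULUS (used by nodes and at reveal)."""
    totals = {}
    for d in dicts:
        for campaign, share in d.items():
            totals[campaign] = (totals.get(campaign, 0) + share) % MODULUS
    return totals

def secure_campaign_totals(reports, campaigns, n_nodes=3):
    """Each node sums only the shares it received. Combining the node
    subtotals reveals the per-campaign totals; per-owner counts stay hidden
    unless every node pools its shares."""
    inboxes = [[] for _ in range(n_nodes)]
    for report in reports:
        for inbox, shares in zip(inboxes, share_report(report, campaigns, n_nodes)):
            inbox.append(shares)
    return add_shares(add_shares(inbox) for inbox in inboxes)

# Constructed sample data: conversion counts held by three separate publishers.
CAMPAIGNS = ["spring_sale", "ctv_launch"]
REPORTS = [
    {"spring_sale": 120, "ctv_launch": 45},
    {"spring_sale": 80, "ctv_launch": 30},
    {"spring_sale": 15},
]

if __name__ == "__main__":
    print(secure_campaign_totals(REPORTS, CAMPAIGNS))
```

Each individual share is uniformly random, so a single node's inbox carries no information about the counts it was derived from.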
Other PETs include trusted execution environments (TEEs), which offer similar capabilities to MPC and HE, but require specialized hardware. Meanwhile, PETs such as differential privacy (DP) can reduce risks associated with measurement and other types of data analysis but are less suited for services that require individual-level data (such as creating identifiers, row-level matching, or activation). DP is a system used to obtain useful information from databases that contain people's personal information without revealing the identities of the individuals.
There are certain benefits to built-in PETs that differentiate them from clean rooms. For one, PETs give brands more control over customer-level data used for activation. For example, it’s possible for a publisher and an advertiser to match data sets against one another without having valuable and privacy-sensitive registration data leave their organization (as opposed to clean rooms, with which advertisers’ first-party data is shared).
Another perk of some PETs is that they allow advertisers and publishers to encrypt data at the source, so protection from leaks does not depend directly on their partners’ good behavior. Protecting customer data from the get-go can help reduce liabilities, cybersecurity costs, and legal costs associated with data sharing negotiations and data breaches.
Importantly, in domains like CTV (where other technologies are not applicable or far from being implemented), built-in PETs allow targeting on whatever first-party data is available without the publisher having to disclose that data to anyone.
Does your organization need both?
Your organization may very well use both clean rooms and service providers who offer built-in PETs. For example, you and your identity resolution partner may already be using the same clean room provider, which allows you to enrich your data. When the time comes to activate this data (something that the clean room provider may not offer as a service), you can submit your enriched audience data in an encrypted form to an activation service provider who will never see that data.
Overall, a push for privacy-centric, cross-platform collaboration and greater transparency about how that’s accomplished brings value to the digital ecosystem at large. As advertisers and publishers navigate attribution in a cookie-less world, they have much to gain from partnering with platforms with quality traffic and rich audience segment data — while ensuring their first-party data is never compromised.
At Magnite, our ability to work with any clean room, together with our built-in PETs, allows clients to continue working with their existing partners while avoiding the effort and overhead of finding a clean room provider with all the perks of attribution.
Regardless of what options you choose when enhancing and activating your audience data, Magnite is a trusted partner that can agnostically work with a myriad of solutions to help ensure media spend drives outcomes and ads reach their target audiences.