The IAB Tech Lab formally released its first data clean room guidance for advertisers and publishers on Wednesday.
With it, the Tech Lab also shared the first version of the Open Private Join and Activation (OPJA) specifications, which sets use cases for data clean rooms and directions for how to match encrypted audiences.
The new standards haven’t undergone major changes since the pre-release drafts were initially published for feedback in February, said Shailley Singh, IAB Tech Lab COO and EVP of product.
One upgrade to the OPJA standard is interoperability with the IAB’s Ads.cert standard. This should make it easier for advertisers and publishers that use the encryption standard to launch data clean room activations.
Ads.cert creates a cryptographic key so that no ad tech intermediary can fudge a bid request or use unverified data, such as a fake device ID or IP address.
“The next step is adoption,” Singh said, “to rally the industry to adopt the standard for further activation purposes and clean rooms.”
Recommendations, not rules
The clean room guidelines and the new OPJA specifications are more like best practices than industry-changing specs, like the trio of Ads.txt, Sellers.json and Ads.cert, which required the IAB to push hard for widespread adoption.
The main purpose of these OPJA standards is to help companies more easily and securely use data clean rooms for audience matching and attribution.
Advertisers especially should be aware of and consider a number of so-called collusion scenarios before setting up a clean room-based campaign. “Collusion scenario” refers to any situation in the cryptographic supply chain sequence where more than one component is owned by one company, like a publisher with an SSP or a platform that combines a DSP and an SSP.
If an advertiser unwittingly uses a clean room setup whereby the media company owns the ad system, the publisher could see unencrypted audience data flowing between the two components it owns.
In that case, the publisher theoretically could infer the encrypted match keys of the advertiser’s first-party data. The data would be sitting there, unencrypted and identifiable with a little bit of data science work.
If the media company really wanted to take it to the next level of bad actor activity, it could generate labels so that the advertiser overbids on inventory or artificially inflates match rates.
That’s if the publisher owns the SSP, is a conscious fraudster and is dealing with an advertiser that is unaware of the fact that the SSP and media are co-owned. It happens.
Clean and clear
The IAB Tech Lab’s guidelines provide the questions to be asked and the implementation basics that should be applied in order to prevent that type of deliberate fraud or even sincere mistakes that might expose an advertiser’s or publisher’s data.
In most cases, advertisers are what one might think as the “flats” and publishers are the “sharps,” because buyers are the ones with the money. Sure, if an advertiser owns the ad system, it could generate artificially high or low match rates that bamboozle a publisher, but why bother? An advertiser doesn’t profit in that scenario.
These initial clean room specs are a sound starting place for brands and for publishers, and the vendors in between them in a direct advertising deal. But data clean rooms themselves don’t become interoperable.
For example, an advertiser, agency, DSP, SSP, media company and clean room tech provider could all get on the same page and run a clean room-based campaign using these standards. But the idea isn’t for a publisher or advertiser that uses a number of clean room vendors for different campaigns to standardize data across them all.
For now, the IAB Tech Lab wants to help make data clean rooms tech less daunting to ad buyers and sellers, which is why the first priority is to create step-by-step implementation basics.
Marketers or publishers who are new to this “could easily get lost in the details,” Singh said.
“It’s a big step for data cleans room, though,” he said, “to have standardization.”