The question “How do you define a data clean room?” no longer has a subjective answer.
On Thursday, the IAB Tech Lab released the first of what will eventually become a portfolio of technical specs to support the standard operation of data clean rooms for digital advertising.
The Tech Lab also created a primer of recommended practices for how to use data clean rooms.
The guidance document and spec, which will create a standard for interoperability between vendors, were developed by IAB Tech Lab’s Rearc Addressability Working Group. Both will be open for a 60-day public comment period until April 17.
The data clean room space has been crying out for standardization.
There are just too many “points of friction” today, said Bosko Milekic, a member of the Rearc working group and chief product officer of data collaboration platform Optable.
For example, say an advertiser wants to activate an overlapping audience segment that was created by partnering with a publisher through a clean room setup. There’s no standard way to stage that data and get it into a DSP for campaign execution.
“Without standards to smoothen out the process and create a repeatable blueprint,” Milekic said, “it’s way too difficult to scale operations and use cases involving clean rooms.”
Clean and clear
The Tech Lab defines a data clean room as a secure collaboration environment in which two or more parties can use data for specific, mutually agreed upon purposes while also limiting any exposure of that data to other parties.
But, as the Tech Lab points out in its guidance, there currently isn’t one single way to accomplish this.
Different data clean room providers are free to use different privacy-enhancing technologies or rely on different privacy control mechanisms, so long as they ensure fully secure and purpose-limited data collaboration.
“Having a contract or an agreement between two trusted parties is fine, but that isn’t enough to be considered a clean room,” said Shailley Singh, COO and EVP of product at IAB Tech Lab. “A clean room has to offer privacy technologies, otherwise there’s no difference between what it’s doing and a regular business relationship.”
Sharing is caring
The Tech Lab plans to continue adding new technical specs to its data clean room standards portfolio over time, including around measurement and data enrichment.
But the first point of friction it decided to work on was a technical solution for interoperability between different data clean room vendors, which it’s calling “Open Private Join and Activation,” or OPJA for short.
OPJA’s purpose is to create a standard way for data clean room providers and their clients to match audiences between two data sets and share the results so the data can be used for ad targeting while still preserving privacy.
“Different clean rooms might have their own APIs or their own methods,” Singh said. “But if there’s a spec that establishes interoperability for activating overlapping audiences, then there’s a standard way of inputting to a clean room and extracting the output.”
In practice, that means an advertiser could use OPJA to interact with multiple vendors using the same data set. And there’d also be no hassle if an advertiser and publisher want to collaborate but both use different clean room vendors.
What about the walled gardens?
Which is great, but one might wonder whether the walled garden clean rooms will have any interest in using these standards.
Interoperability is a major priority for smaller independent data clean room vendors, but it hasn’t been for the walled garden players.
For what it’s worth, Google and Meta are both members of the IAB Tech Lab’s Rearc Addressability Working Group. Google also contributed to the OPJA spec and to the Tech Lab’s data clean room guidance document.
“Google has used most of our standards so far,” Singh said, “so I don’t see a reason they wouldn’t use some or all of this one.”
Talk to your lawyer
Although the Tech Lab is hoping for wide adoption of its spec across the industry so that more advertisers and publishers can easily use data clean room technology, Milekic was quick to point out that OPJA isn’t a solution for legal compliance.
And neither is a clean room.
Simply using a clean room doesn’t guarantee a business is covered from a regulatory compliance standpoint. For that, companies are responsible for reading the law and doing their own due diligence.
“Clean rooms help with privacy protection, data minimization and purpose limitation when companies are doing data collaboration,” Milekic said. “But using a clean room doesn’t automatically help you comply with data regulations, and people need to understand that.”