The online world is changing. In particular, efforts to rein in excessive online marketing - such as current(GDPR) and upcoming(revised Swiss DPA) legal requirements and technical measures such as the abolition of third-party cookies - are forcing operators of internet services to rethink their strategies. The impact of advertising media and the behaviour of the target group(s) must be collected in a way that protects both the rights of users and the reputation of operators.

A classic example: A company's own product is advertised on third-party websites. The product or service should then be purchased or utilised on your own website. Conversely, products can be advertised on your own website in order to then sell them via another channel.

But how does the link between your own and third-party websites work? Until now, it was possible to exchange data with other parties involved or to collect the required information yourself using tracking pixels. Classic attribution. However, this approach is proving to be increasingly risky. The parties involved have to protect each other legally, because sharing personal data is no longer ethically or legally tenable.

A possible solution? The exchange of relevant data without revealing the identity of one's own customer base. Legally clean, ethically clean. We're talking about Data Clean Rooms!

What is a data clean room?

The biggest challenge today is to understand the behaviour of potential customers beyond the boundaries of your own infrastructure and to compare it with your own advertising measures in order to optimise them.

A data clean room is basically an environment in which data from different parties can be brought together without one party being able to view sensitive data from other parties involved. To draw a figurative comparison: A data clean room is a room in which known and unknown(?) people are brought together. this group can be asked questions via an intercom system. This allows important questions to be answered without revealing the identity of the person answering. In practice, this includes questions such as:

  • How many of you bought our product after seeing advert XY on our partner?
  • How did you find out about our product?
  • What content on our website convinced you to buy from our partner?

The implementation of a data clean room

In order to use a data clean room properly, all parties who want to gain cross-party insights must agree with the other parties involved on what information should be exchanged and which key can be used to bring it together.

Typically, all parties have behavioural data and a common key that makes it possible to link the individual behaviours. Such a key can be a common ID (identity federation), for example, but also simple first-party information (such as an email address from your own customer base). The key is anonymised according to an agreed pattern - for example MD5, SHA256 or other one-way algorithms. The data is then provided with the anonymised key and fed into the shared data pool.

What's the catch?

In practice

The prerequisite for a clean data clean room is that the individual parties cannot access each other's data directly. They can only obtain aggregated, non-personal analyses. In practice, it is therefore essential to tackle such a project with a third, neutral partner. The independent partner has no way of identifying the individuals in the centrally collated data, as it does not know the encryption. At the same time, the individual parties can only access aggregated queries that do not allow any conclusions to be drawn about individuals from their own customer base.

As data clean rooms are more of a concept than a concrete product, different approaches can be used to implement data clean rooms. For example, a specialised self-service offering can be hired on the Internet or a digital agency can be brought in to act as a man-in-the-middle, collate the data and provide a suitable analysis option that is appropriately isolated for all parties involved.

Although no personal data is usually available in data clean rooms, it is advisable to pay close attention to the safeguards offered when transferring data. In this way, conflicts with applicable law (data protection) can be avoided in the relationship between data controllers and processors.