IAB Tech Lab’s updated data clean room standards: What marketers need to know
Here’s how IAB Tech Lab’s guidance and specifications are paving the way for DCR security and interoperability.
IAB Tech Lab has released a finalized first version of guidance and standards for data clean rooms (DCRs). The emerging technology is used by marketers to securely enhance first-party data and help activate this data in campaigns.
The organization first released both Open Private Join & Activation (OPJA) specifications and Data Clean Rooms Guidance for public comments in February. These documents came from IAB Tech Lab’s Rearc Addressability Working Group, which meets regularly to update existing protocols and introduce new ones.
Why we care. The standards and guidance benefit brands, publishers, adtech vendors and other partners in the DCR ecosystem, like privacy and security providers. They provide a common reference point, giving marketers confidence in the security of their data and the value of the insights and matching capabilities that DCR provides. This helps make the DCR options on the market more interoperable. And with more options to turn to, costs could go down as well.
Security and privacy. The finalized first version of OPJA provides specifications with three main security and privacy goals in mind.
First, the end user (customer) has all personally identifiable information (PII) protected through encryption tools throughout the DCR transaction. All parties with whom the end-user has not shared their PII will not have access to it.
Additionally, the privacy of the end user is maintained throughout so that participants in the DCR will not know the identity of the end user if that data isn’t part of their contributing data set.
Finally, in building audiences from these contributing data sets, each participant will be kept from knowing which individuals in their sets are members of the combined audience that results from the DCR computed overlap.
“[OPJA] isn’t prescriptive,” said Shailley Singh, EVP, Product and Chief Operating Officer for IAB Tech Lab. “It’s a more informative and descriptive document for people to understand because it’s still an evolving space and security and privacy technologies are evolving.”
New guidance. The updated guidance clarifies DCR definitions and the differences between DCRs and other data collaboration solutions.
It includes improved descriptions of cryptographic techniques used by DCRs, as well as more information about operational costs and matching techniques in DCRs.
To help DCR users to comply with new data privacy laws, the guidance includes security and trust controls for data governance. For instance, the DCR should have the capability for data contributors to manage and update datasets based on permission updates either by individuals or by updates to the data contributor’s policies.
This makes sure that the data-enhancing computations within the DCR keep pace with ever-evolving privacy regulations.
Activating audiences. One of the common uses for DCRs by brands and publishers is in digital campaigns. A brand wants to be able to reach its customers with relevant ads, but doesn’t know if those customers exist within the publisher’s first-party data.
Dig deeper: How Penske Media uses a CDP to help advertisers reach audiences
OPJA recommends two match key types used in the DCR for email and phone number data, each making sure that PII isn’t disclosed to other parties.
“If you want to activate your first-party audience and you have that email or phone number, then how do you do that with publishers and different destinations?” Singh said. “It helps you understand what kind of a match you have. Given all the privacy concerns, this specification defines how you can deploy some of the cryptographic techniques and understand the match.”
Another specification covers how marketers can activate the matched audience in a programmatic environment, he said.
Further specifications beyond activation — covering measure and attribution — are slated to roll out later this year.
Costs. With big players like AWS offering clean rooms to a wide variety of marketers and media partners, competition is building in the DCR space. This could lower some costs associated with DCRs.
The IAB Tech Lab guidance lists the following potential costs to a DCR:
- License or usage fees
- Participation costs for participants and data contributors
- Data storage
- Data preparation
- Data connection
- Costs per query or other operation costs
- Talent and skills costs for maintaining privacy technologies
- Operating expenses (OPEX).
Currently, many of these costs contribute to a high barrier of entry for smaller organizations. But DCRs are a significant technology helping organizations navigate growing privacy regulations, a hurdle that all marketers have to clear.
Related stories