Although we are (most likely) not part of the Matrix, we most definitely live in a digital world.
As consumers and organizations, protecting our data and privacy is critical; however, as users, we still want to maximize our experience with our online activity.
This is known as the User Experience Paradox: we expect a personalized experience but are not really keen on sharing personally identifiable information (PII). For example, you’d appreciate your friendly neighborhood barista remembering your name and coffee order, but would get creeped out if they knew where you lived.
Ethical, business, user experience, and regulatory drivers have significantly increased the importance of privacy-enhancing technologies (PETs) in addressing the paradox.
In this article we’ll explore this brave new world and understand how data clean rooms — which have been a hot topic in the digital marketing space—come into the picture to allow marketers to run efficient campaigns in a privacy-compliant and secure way.
So what exactly are PETs?
In the simplest terms, a privacy-enhancing technology is a technology used to protect the personal data of individuals and organizations in the digital world. What does this mean in practice? Here are some examples of what these technologies do:
- Data encryption: A process that scrambles data so it is unreadable to anyone who does not have the encryption key (a string of information that once processed, can encrypt or decrypt data). This is one of the most commonly-known PETs available, as it ensures that any personal data stored in a system is secure and unreadable to anyone who does not have the key.
- Access control: Technology that allows organizations to define, monitor and control different levels of access to certain types of data so that individuals can only access the data they are authorized to view. For example, many platforms offer admin, user and viewer access levels to differentiate permissions among user types.
- Data minimization: This PET ensures that only the necessary data is collected. It helps organizations limit the amount of data they collect and store, and can reduce the risk of data breaches.
Why do we need PETs?
With personal information collected, shared, and stored online, concerns about privacy have grown, and rightfully so. Local and regional regulations (such as GDPR, CCPA, and others) have been a main area of interest in the last few years, as has the general population’s concern and awareness about data privacy.
Enter PETs, that provide ways to protect personal information from being accessed or misused by others.
Indeed, the internet is home to a wide range of threats to privacy, from hackers, through identity thieves, to online predators and PII snatchers. PETs help to mitigate these threats by providing ways to secure personal information and prevent it from being accessed by unauthorized parties. PETs can also help businesses comply with legal and regulatory requirements for protecting the privacy of their customers and clients.
Protecting the privacy of individuals is not just a legal or regulatory requirement, it is also an ethical obligation. PETs can help organizations to uphold their ethical obligations by providing ways to respect the privacy of individuals and protect their personal information.
Where do data clean rooms come into the picture?
One of the most critical PETs on the market today is data clean rooms. A data clean room is a secure environment where sensitive data is processed and managed in a way that ensures it is used in a privacy-compliant way.
DCRs have gained significant momentum in the past year, especially in the realm of marketing measurement and optimization. Between Apple’s game-changing App Tracking Transparency (ATT) framework announcement, Meta’s decision to only send user-level data to Mobile Measurement Partners (MMPs) and not advertisers, and the upcoming demise of Google’s 3rd-party cookies and device advertising IDs in 2024, data sharing is becoming increasingly limited. As a result, campaign measurement and optimization are more challenging than ever before for advertisers.
Data clean rooms, PETs in their own right, can also utilize other PETs in practice. In fact, doing just that can turn a good data clean room into a great data clean room by providing an additional layer of data privacy protection. It can also support the zero-trust policy by all parties using DCR and will reduce privacy vulnerability.
So how can PETs be used for marketing purposes within a DCR?
DCRs enable marketers to gain visibility to aggregated campaign insights and make data-driven decisions while preserving their end-users’ privacy.
It’s important to note that choosing the right PET depends on the marketing use case, the data types being used, and the relevant privacy requirements.
Let’s look at a few examples:
Multi-Party Computation (MPC)
A cryptographic technique that enables multiple parties to perform joint computations on private data, without revealing anything beyond what the computation result reveals. In other words, an MPC allows multiple parties to work together on a computation while keeping their inputs private.
An encryption form that enables computations to be performed directly on encrypted data, without first having to decrypt it. This allows sensitive information to be processed without exposing it to the parties performing the computation. The result of the computation can then be encrypted again and used by all relevant parties.
Private set intersection (PSI)
PSI is a cryptographic protocol that enables two parties to find the intersection of their private sets of data, without revealing any information about the individual elements in the sets except the ones that appear in the intersection.
K-anonymity involves the obscuring of user identities so they are indistinguishable from the other individuals within a size “k” group. The purpose of k-anonymity is to protect the privacy of individuals by preventing the identification of individual records in a dataset.
Companies can train machine learning models on decentralized data, enabling them to make use of data from multiple sources while preserving privacy.
PETs can anonymize personal data, making it difficult or impossible to identify individual people based on the data. This can be done by removing or obscuring personal identifiers such as names, addresses, telephone numbers and persistent device identifiers.
By adding random noise to sensitive data, companies can hide identifiable characteristics of individuals, ensuring that the privacy of personal information is protected, and yet, it’s small enough to not materially impact the accuracy of the derived insights.
The challenges of PETs
The value of PETs is clear: increased data security and enhanced user privacy are key pillars in today’s and tomorrow’s digital environment. They improve trust among users and offer greater transparency.
But it’s also important to address challenges that PETs surface, namely:
- Increased complexity: PETs can be complex and difficult to implement, which can be costly and time consuming.
- Lower efficiency: PETs can sometimes be less efficient than traditional solutions, as they require more processing power and thus can be slower.
- Higher cost: PETs can be more expensive to implement than traditional solutions, due to the extra processing power and associated costs.
All of these challenges can be handled properly with the right PET partner. As with anything, having the right tools and services on your side can set you on a path to success.
I know this wasn’t an easy read, with lots of multisyllabic words that make privacy technology seem highly technical and unobtainable. But if you have stayed with me, I’d like to leave you with 3 key takeaways:
- In the marketing world, DCRs are the future of measurement, activation, collaboration and more. As more DCRs emerge, you should consider wisely the ones that will suit your needs and remain relevant in the ever-changing privacy landscape. Choose a vendor that specializes in DCRs and PETs but also offers the relevant marketing background.
- PETs are power multipliers when implemented within your DCR. Security and privacy are tied to all of the main DCR use cases, so I’d suggest you won’t compromise on these needed precautions.
- In order to achieve a sufficient level of user privacy protection as well as a better commercial advantage to your business, you will probably need some combination of all of the PETs mentioned above. Don’t be discouraged by this, it’s within reach.