Data privacy continues to evolve, and brands need to proactively explore privacy-compliant solutions to targeting and attribution challenges. Marketers also need to look at how these approaches can intersect and integrate to get ahead of the curve.
Clean rooms are gaining momentum as a privacy-first analysis solution because they let marketers safely match and intermingle their first-party data with platform data. But they come with many limitations and even a certain degree of risk, especially if you’re depending on ad platform-owned clean rooms.
If your business is using a data clean room right now, chances are high that you’re using one offered by a platform like Google, Meta, or Amazon. Basically, these work because you provide a direct pipeline of data to an advertising platform (via a pixel, Offline Conversions API, etc.) where personally identifiable information (PII) is matched to the platform’s identity graph, after which the onboarded record is purged.
The platforms get some tangible benefits from this setup because advertisers can inadvertently “overshare” by giving the platforms access to more data about individuals they can then use to further augment profiles or even shadow profile individuals they have no data about.
Brands that are taking user privacy preservation seriously need to consider utilizing a clean-room type solution where data is never explicitly transferred into the advertising platform. We call this new breed of clean room environment a server-side clean room.
What are the functions of a server-side clean room and how does it help solve for identity resolution?
In a world where 3P cookies are a distant memory and no passive data transmission can occur on a website, the future could look very bleak for marketers. Indeed, if you want to scare a marketer in two words or less, “No Cookies” ranks right up there with “No Budget.”
You need to get ahead of this potential future state. That starts with understanding what will still work. You will still be able to gather 1P data from users when it is explicitly shared with your business, and advertising platforms will be able to do the same—with the critical caveat that neither party will be able to share that information with the other.
It seems like a classic paradox: how can both parties recognize a common individual they have mutual consent from and use that information for reporting and targeting optimization?
That’s where the concept of server-side clean rooms comes into play.
Server-side clean rooms will allow for granular control over data pipelines, ensuring that no protected information is ever utilized (let alone shared) within an advertising clean room. This new version of a clean room serves as a privacy-first solution for co-mingling data with advertising platform identity graphs because the data never actually enters their systems.
That means that:
- No additional data is transferred to the platform to augment a user’s targeting profile beyond the fact they converted on this brand.
- If a user is not matched (i.e. isn’t noted as exposed to an ad campaign on the platform), then that data will NOT be shared with the platform.
Server-side clean rooms preserve privacy because they never actually share any data with a third party. Think of it this way: Person #1 and Person #2 each have a secret they can’t tell the other. But they can both whisper their secret to person #3, who is a neutral third party. Person #3 can let each person know if their secrets are actually the same, which validates the information.
In a server-side clean room, PII that is actively shared by users can be augmented and immediately processed by a server-side intermediary to determine if it matches any PII stored within the ad platform’s identity graph.
Instead of sharing your data with a third party (like an ad platform), the server-side intermediary simply matches and confirms the signal (a conversion event). The data transmitted to the clean room could also be augmented prior to ingestion with additional identity variables or user attributes that could increase the value of the conversion. That’s not possible in our current world, because ad platforms are fed directly from browser signals, which aren’t all created equal.
With every new advance comes a new defense, of course. Apple’s Hide My Email, for example, would still disrupt a server-side clean room’s ability to match emails across systems because the feature generates unique, one-time-use emails for users, so even actively shared information is difficult or even impossible to match.
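The neutral-matcher flow described above, as an added example (not code from this article or from any platform's product). The HMAC-SHA256 match tokens, the key shared by brand and platform but withheld from the intermediary, the field names, and all sample records are assumptions constructed for illustration; the relay-alias row shows the Hide My Email effect.

```python
import hashlib
import hmac

# Constructed key. Assumption: brand and platform hold it, the intermediary
# does not, so the intermediary cannot recompute tokens from guessed emails.
MATCH_KEY = b"constructed-demo-key"

def match_token(email: str, key: bytes = MATCH_KEY) -> str:
    """Normalize an email and derive a keyed digest used only for matching."""
    normalized = email.strip().lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()

def intermediary_match(brand_events, platform_tokens):
    """Neutral matcher: sees tokens only. Forwards the bare conversion fact
    for matched users and withholds every unmatched record."""
    exposed = set(platform_tokens)
    forwarded, withheld = [], 0
    for event in brand_events:
        if event["token"] in exposed:
            # Strip every attribute except the token and the event name.
            forwarded.append({"token": event["token"], "event": event["event"]})
        else:
            withheld += 1
    return forwarded, withheld

def demo():
    # Constructed brand-side conversions (emails never leave the brand).
    brand_rows = [
        {"email": " Alice@Example.com ", "event": "purchase", "order_value": 120},
        {"email": "bob@example.com", "event": "purchase", "order_value": 45},
        # One-time relay alias for a user the platform knows as carol@example.com.
        {"email": "x7k2q@relay.example", "event": "purchase", "order_value": 80},
    ]
    brand_events = [
        {"token": match_token(r["email"]), "event": r["event"],
         "order_value": r["order_value"]}
        for r in brand_rows
    ]
    # Constructed platform-side tokens for users exposed to the campaign.
    platform_tokens = [match_token("alice@example.com"),
                       match_token("carol@example.com")]
    return intermediary_match(brand_events, platform_tokens)

if __name__ == "__main__":
    forwarded, withheld = demo()
    print(f"forwarded={forwarded} withheld={withheld}")
```

Bob's record is withheld because he was never exposed to the campaign; Carol's is withheld because her relay alias produces a token the platform has never seen.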
Start with your data: the role of customer data platforms and server-side portability
Currently, there are commoditized off-the-shelf server-side data portability solutions available, but the quality and utility of those solutions vary. You need to be able to refine the data and include interactions that take place beyond the browser.
Server-side solutions controlled by customer data platforms (CDPs) make sense as the logical evolution of this space, but the increased power of these outputs comes with additional risk and responsibility.
When you add more refinements, you’re essentially introducing more pipes for data to travel through. They can break at times, experience latency, and be hard to control if you don’t have the right processes and safeguards in place.
Shopify is a prime example. They have faced some criticism of their server-side data-capture solution because it doesn’t always generate the optimal data payload for advertising platforms. That’s because it prioritizes all of the attributes downstream. When everything is prioritized, nothing is prioritized, which had a negative impact on identity reconciliation.
Minimizing data feedback loop latency is critical. Meta, for example, has noted that a delay of more than four hours following an event will result in diminished impact with regard to algorithmic optimization.
Some of the big selling points for CDPs are audience management and automation (which is really just the second coming of marketing automation platforms), but a critical value proposition people might not be focused on is tag management functions. Platforms like Tealium, mParticle, and Segment have made this a key aspect of their solutions. They don’t simply port and manage audiences, they look at what those audiences do and utilize those insights as part of the conversion feedback mechanism.
The construct isn’t new. Google Ads has been supporting Offline Conversion Tracking (OCT) for over a decade through the use of gClids, but this isn’t the OCT you are used to. The new version is built for both speed (by focusing on real-time signal processing rather than batch uploads), and accuracy (by including a broader array of identity elements for matching).
Protect identity resolution capabilities: take action like Data Zero is coming tomorrow
It’s possible that a future awaits where websites have no PII-based tracking functions whatsoever. Facebook and Google pixels would be replaced with technology that would feel more at home on a GeoCities website circa 1998.
It wouldn’t be just PII use that’s curtailed; all passive identification solutions would be illegal, and you wouldn’t be able to track or port identity between platforms due to browser restrictions or privacy laws.
Essentially, everyone would be anonymous until they provide an explicit identifier like an email, and even then it would be tied to a moment in time and not persistent across return sessions.
We call this state data zero.
It might sound like science fiction now, but platforms are already preparing for the possibility of data zero. A server-side solution featuring a clean room-esque environment where no data is ever shared would be essential if you wanted to utilize PII feedback loops for algorithmic optimization. Clean rooms would likely be used in a much broader capacity, not just for measurement but for audience onboarding and unifying cryptographically stored PII.
The extreme of data zero is unlikely, but you do need to look ahead. You’re probably already doing some things that will help your brand if data zero comes to pass, like incentivizing consumers to share information consensually.
Data that is willingly shared with a brand is sometimes attributed as first-party data, but it’s also known as zero-party data, a term coined by Forrester in 2020. It is widely believed to be some of the most reliable data available because it comes straight from the consumer. (And, appropriately, zero-party data is the key to success in a data-zero world.)
Right now, we essentially rent out audiences on our core digital ad platforms. When you’re using your own audience data, those audiences become platform agnostic, which means you’ll be able to understand how they interact with your brands across different channels.
You can also maintain your relationship with those consumers even if a particular ad platform is presenting some challenges or exhibiting poor performance. If you leave the platform and you’re using your own data, you can actually take your audiences with you.
Marketers recognize that they need to make moves to own more of their data, but they’re not always clear on what they should do with it once they have it. In fact, Forrester’s Data Deprecation Challenge and Promise of Zero-Party Data report found that 90% of the marketers surveyed plan to capture more zero-party data, but 42% also said they didn’t know how to use zero-party data effectively.
Own your data: find the right customer data platform
A CDP is mission-critical for your business, so you need to choose carefully among the wide swath of options. Performance and scale are key factors when you are researching your CDP options.
We recommend assessing each platform around four core capabilities:
Data Portability for Advertising Platforms
- Audience activation: Refresh rate and platforms with active API connections.
- Event-forwarding capabilities: Support for scope and granularity of data across platforms with active API connections.
- Available integrations to join with 3P data sources such as a Gender Inference API for augmented customer intelligence.
Lifecycle Marketing Management
- Manual and automated segmentation capabilities
- Stage/buyer journey tracking and triggered interactions
- Support for partitioning and managing user consent and preferences alongside a Consent Management Platform (CMP).
When we look at the future of data privacy, there are still so many unknowns. But one thing is true: data is indeed the new oil. It’s that valuable. And your brand needs to make the right moves now to stay viable in a privacy-first future, whatever that may look like.